diff options
author | Phil Sutter <phil@nwl.cc> | 2019-03-09 11:56:05 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-03-11 13:34:51 +0100 |
commit | 9c0ed46f68cada9f3455be91adb553d020012596 (patch) | |
tree | 249499eb5b3b977a29088b4bff905a82ce546a14 /tests/test_filter.c | |
parent | e0d8a7cec8ba5ca8fed95eacb5c9f1166f386490 (diff) |
Rename 'qa' directory to 'tests'
When searching for library tests, 'qa' is easily overlooked. Use a more
common name instead.
Suggested-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/test_filter.c')
-rw-r--r-- | tests/test_filter.c | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/tests/test_filter.c b/tests/test_filter.c new file mode 100644 index 0000000..7877819 --- /dev/null +++ b/tests/test_filter.c @@ -0,0 +1,79 @@ +/* + * Test for the filter API + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <arpa/inet.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static int event_cb(enum nf_conntrack_msg_type type, + struct nf_conntrack *ct, + void *data) +{ + static int n = 0; + char buf[1024]; + + nfct_snprintf(buf, sizeof(buf), ct, type, NFCT_O_PLAIN, NFCT_OF_TIME); + printf("%s\n", buf); + + if (++n == 10) + return NFCT_CB_STOP; + + return NFCT_CB_CONTINUE; +} + +int main(void) +{ + int i, ret; + struct nfct_handle *h; + struct nfct_filter *filter; + + h = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW | + NF_NETLINK_CONNTRACK_UPDATE); + if (!h) { + perror("nfct_open"); + return 0; + } + + filter = nfct_filter_create(); + if (!filter) { + perror("nfct_create_filter"); + return 0; + } + + if (nfct_filter_attach(nfct_fd(h), filter) == -1) { + perror("nfct_filter_attach"); + return 0; + } + + /* protocol 255 is skipped since we support up to 255 protocols max */ + for (i=0; i<IPPROTO_MAX; i++) + nfct_filter_add_attr_u32(filter,NFCT_FILTER_L4PROTO,i); + + /* up to 127 IP addresses, above that adding is noop */ + for (i=0; i<128; i++) { + /* BSF always wants data in host-byte order */ + struct nfct_filter_ipv4 fltr_ipv4 = { + .addr = ntohl(inet_addr("127.0.0.1")) + i, + .mask = 0xffffffff, + }; + nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &fltr_ipv4); + }; + + if (nfct_filter_attach(nfct_fd(h), filter) == -1) { + perror("nfct_filter_attach"); + return 0; + } + + nfct_filter_destroy(filter); + + nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL); + + ret = nfct_catch(h); + printf("test ret=%d (%s)\n", ret, strerror(errno)); + return EXIT_SUCCESS; +} |