From 8ca32474125483ae58e93e2822a8e5af9f9b72ab Mon Sep 17 00:00:00 2001 From: "/C=EU/ST=EU/CN=Pablo Neira Ayuso/emailAddress=pablo@netfilter.org" Date: Sun, 13 May 2007 23:42:43 +0000 Subject: - split new_api_test.c into several conntrack_*.c files to learn much easier how the new API works --- utils/Makefile.am | 43 ++++++++++++--- utils/conntrack_create.c | 53 ++++++++++++++++++ utils/conntrack_create_nat.c | 55 +++++++++++++++++++ utils/conntrack_delete.c | 42 +++++++++++++++ utils/conntrack_dump.c | 41 ++++++++++++++ utils/conntrack_events.c | 49 +++++++++++++++++ utils/conntrack_flush.c | 28 ++++++++++ utils/conntrack_get.c | 56 +++++++++++++++++++ utils/conntrack_update.c | 53 ++++++++++++++++++ utils/new_api_test.c | 124 ------------------------------------------- 10 files changed, 414 insertions(+), 130 deletions(-) create mode 100644 utils/conntrack_create.c create mode 100644 utils/conntrack_create_nat.c create mode 100644 utils/conntrack_delete.c create mode 100644 utils/conntrack_dump.c create mode 100644 utils/conntrack_events.c create mode 100644 utils/conntrack_flush.c create mode 100644 utils/conntrack_get.c create mode 100644 utils/conntrack_update.c delete mode 100644 utils/new_api_test.c diff --git a/utils/Makefile.am b/utils/Makefile.am index f01e153..9316368 100644 --- a/utils/Makefile.am +++ b/utils/Makefile.am 
@@ -1,17 +1,48 @@ include $(top_srcdir)/Make_global.am -bin_PROGRAMS = ctnl_test new_api_test \ +bin_PROGRAMS = ctnl_test \ expect_dump expect_create expect_get expect_delete \ - expect_flush expect_events - -new_api_test_SOURCES = new_api_test.c -new_api_test_LDADD = ../src/libnetfilter_conntrack.la -new_api_test_LDFLAGS = -dynamic -ldl + expect_flush expect_events \ + conntrack_create conntrack_dump conntrack_update \ + conntrack_delete conntrack_flush conntrack_create_nat \ + conntrack_get conntrack_events ctnl_test_SOURCES = ctnl_test.c ctnl_test_LDADD = ../src/libnetfilter_conntrack.la ctnl_test_LDFLAGS = -dynamic -ldl +conntrack_create_SOURCES = conntrack_create.c +conntrack_create_LDADD = ../src/libnetfilter_conntrack.la +conntrack_create_LDFLAGS = -dynamic -ldl + +conntrack_get_SOURCES = conntrack_get.c +conntrack_get_LDADD = ../src/libnetfilter_conntrack.la +conntrack_get_LDFLAGS = -dynamic -ldl + +conntrack_create_nat_SOURCES = conntrack_create_nat.c +conntrack_create_nat_LDADD = ../src/libnetfilter_conntrack.la +conntrack_create_nat_LDFLAGS = -dynamic -ldl + +conntrack_update_SOURCES = conntrack_update.c +conntrack_update_LDADD = ../src/libnetfilter_conntrack.la +conntrack_update_LDFLAGS = -dynamic -ldl + +conntrack_delete_SOURCES = conntrack_delete.c +conntrack_delete_LDADD = ../src/libnetfilter_conntrack.la +conntrack_delete_LDFLAGS = -dynamic -ldl + +conntrack_dump_SOURCES = conntrack_dump.c +conntrack_dump_LDADD = ../src/libnetfilter_conntrack.la +conntrack_dump_LDFLAGS = -dynamic -ldl + +conntrack_flush_SOURCES = conntrack_flush.c +conntrack_flush_LDADD = ../src/libnetfilter_conntrack.la +conntrack_flush_LDFLAGS = -dynamic -ldl + +conntrack_events_SOURCES = conntrack_events.c +conntrack_events_LDADD = ../src/libnetfilter_conntrack.la +conntrack_events_LDFLAGS = -dynamic -ldl + expect_dump_SOURCES = expect_dump.c expect_dump_LDADD = ../src/libnetfilter_conntrack.la expect_dump_LDFLAGS = -dynamic -ldl 
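Review bot: Listing the eight new conntrack_* examples under `bin_PROGRAMS` means `make install` ships them into the binary directory alongside real tools. Several of them change live kernel state when run with no arguments: conntrack_flush issues `NFCT_Q_FLUSH` for `AF_INET` and conntrack_delete issues `NFCT_Q_DESTROY`. Since the commit message describes them as examples for learning the API, `noinst_PROGRAMS` (or `check_PROGRAMS`) would keep them buildable without installing them on a production firewall. The same question applies to the ctnl_test and expect_* entries that this hunk leaves in place.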
diff --git a/utils/conntrack_create.c b/utils/conntrack_create.c
new file mode 100644
index 0000000..3c41d22
--- /dev/null
+++ b/utils/conntrack_create.c
@@ -0,0 +1,53 @@
+#include
+#include
+#include
+
+#include
+#include
+
+int main()
+{
+ int ret;
+ struct nfct_handle *h;
+ struct nf_conntrack *ct;
+
+ ct = nfct_new();
+ if (!ct) {
+ perror("nfct_new");
+ return 0;
+ }
+
+ nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+
+ nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
+ nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
+
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
+ nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+
+ nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+ nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ ret = nfct_query(h, NFCT_Q_CREATE, ct);
+
+ printf("TEST: create conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_create_nat.c b/utils/conntrack_create_nat.c
new file mode 100644
index 0000000..591f1bb
--- /dev/null
+++ b/utils/conntrack_create_nat.c
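Review bot: The failure paths in main() of conntrack_create.c report inconsistent exit statuses and skip cleanup. A failed `nfct_new()` does `return 0;`, which a calling script reads as success, a failed `nfct_open()` returns -1 without releasing `ct`, and the `exit(EXIT_FAILURE)` branch leaves `h` open. I would change the first to `return EXIT_FAILURE;` and end the function with `nfct_close(h); nfct_destroy(ct); return ret == -1 ? EXIT_FAILURE : EXIT_SUCCESS;`. The printf also passes `strerror(errno)` when `ret` is not -1, where errno may hold a stale value from an earlier call. conntrack_create_nat.c, conntrack_delete.c, conntrack_get.c and conntrack_update.c repeat the same pattern.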
@@ -0,0 +1,55 @@
+#include
+#include
+#include
+
+#include
+#include
+
+int main()
+{
+ int ret;
+ struct nfct_handle *h;
+ struct nf_conntrack *ct;
+
+ ct = nfct_new();
+ if (!ct) {
+ perror("nfct_new");
+ return 0;
+ }
+
+ nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+
+ nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
+ nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
+
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
+ nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+
+ nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+ nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
+
+ nfct_set_attr_u32(ct, ATTR_SNAT_IPV4, inet_addr("8.8.8.8"));
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ ret = nfct_query(h, NFCT_Q_CREATE, ct);
+
+ printf("TEST: create conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_delete.c b/utils/conntrack_delete.c
new file mode 100644
index 0000000..55d2d52
--- /dev/null
+++ b/utils/conntrack_delete.c
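Review bot: The result line in conntrack_create_nat.c still reads `TEST: create conntrack`, identical to conntrack_create.c, so output from the two programs cannot be told apart in a log. The removed new_api_test.c printed `create NAT conntrack` for this case, so I suggest `printf("TEST: create NAT conntrack (%d)(%s)\n", ret, strerror(errno));`. A one-line comment above the `ATTR_SNAT_IPV4` call, such as `/* only difference from conntrack_create.c: request source NAT to this address */`, would also help, since the rest of the file is a copy.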
@@ -0,0 +1,42 @@
+#include
+#include
+#include
+
+#include
+#include
+
+int main()
+{
+ int ret;
+ struct nfct_handle *h;
+ struct nf_conntrack *ct;
+
+ ct = nfct_new();
+ if (!ct) {
+ perror("nfct_new");
+ return 0;
+ }
+
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ ret = nfct_query(h, NFCT_Q_DESTROY, ct);
+
+ printf("TEST: delete conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_dump.c b/utils/conntrack_dump.c
new file mode 100644
index 0000000..b30bf38
--- /dev/null
+++ b/utils/conntrack_dump.c
@@ -0,0 +1,41 @@
+#include
+#include
+#include
+
+#include
+
+static int cb(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct,
+ void *data)
+{
+ char buf[1024];
+
+ nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, NFCT_OF_SHOW_LAYER3);
+ printf("%s\n", buf);
+
+ return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+ int ret;
+ u_int8_t family = AF_INET;
+ struct nfct_handle *h;
+ char buf[1024];
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ nfct_callback_register(h, NFCT_T_ALL, cb, NULL);
+ ret = nfct_query(h, NFCT_Q_DUMP, &family);
+
+ printf("TEST: dump conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_events.c b/utils/conntrack_events.c
new file mode 100644
index 0000000..68b9c2c
--- /dev/null
+++ b/utils/conntrack_events.c
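Review bot: Nothing in conntrack_delete.c says that the tuple it destroys (TCP 1.1.1.1:20 to 2.2.2.2:10) is the one conntrack_create.c inserts, so a reader who runs this program on its own gets a failure with no hint why. A header comment would fix that, for example `/* Deletes the entry added by conntrack_create; run that program first. */`. conntrack_get.c and conntrack_update.c address the same tuple and would benefit from the same comment. It is probably also worth stating in that comment that the program talks to the running kernel's conntrack table and presumably needs the matching privileges, though the diff itself does not show that requirement.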
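Review bot: In cb() of conntrack_dump.c the return value of `nfct_snprintf()` is ignored and `buf` is printed unconditionally, so if the call fails or writes nothing, `printf("%s\n", buf)` reads an uninitialized stack buffer. Whether nfct_snprintf always NUL-terminates its output is not visible in this diff. Declaring `char buf[1024] = "";` and passing `sizeof(buf)` instead of the repeated literal 1024 closes that gap and keeps the size in one place. The `char buf[1024];` in main() is never used and can be dropped. The same callback is copied into conntrack_get.c, and event_cb() in conntrack_events.c follows the same pattern.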
@@ -0,0 +1,49 @@
+#include
+#include
+#include
+
+#include
+
+static int event_cb(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct,
+ void *data)
+{
+ static int n = 0;
+ char buf[1024];
+
+ nfct_snprintf(buf, 1024, ct, type, NFCT_O_XML, 0);
+ printf("%s\n", buf);
+
+ if (++n == 10)
+ return NFCT_CB_STOP;
+
+ return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+ int ret;
+ u_int8_t family = AF_INET;
+ struct nfct_handle *h;
+ struct nf_conntrack *ct;
+ char buf[1024];
+
+ h = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
+ if (!h) {
+ perror("nfct_open");
+ return 0;
+ }
+
+ nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL);
+
+ printf("TEST: waiting for 10 events...\n");
+
+ ret = nfct_catch(h);
+
+ printf("TEST: OK (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_flush.c b/utils/conntrack_flush.c
new file mode 100644
index 0000000..43e8d78
--- /dev/null
+++ b/utils/conntrack_flush.c
@@ -0,0 +1,28 @@
+#include
+#include
+#include
+
+#include
+
+int main()
+{
+ int ret;
+ u_int8_t family = AF_INET;
+ struct nfct_handle *h;
+ char buf[1024];
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ ret = nfct_query(h, NFCT_Q_FLUSH, &family);
+
+ printf("TEST: flush conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_get.c b/utils/conntrack_get.c
new file mode 100644
index 0000000..68ee2fd
--- /dev/null
+++ b/utils/conntrack_get.c
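Review bot: In main() of conntrack_events.c, `printf("TEST: OK (%d)(%s)\n", ret, strerror(errno));` runs before `ret` is checked, so a failed `nfct_catch()` is still reported as OK. Print the OK line only after the `ret == -1` check, and use `perror("nfct_catch");` in the failure branch. The `nfct_open()` failure path uses `return 0;` where the other new programs return -1, which hides the failure from a calling script. `family`, `ct` and `buf` in main() are unused leftovers from new_api_test.c and can be removed.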
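Review bot: conntrack_flush.c carries no comment stating that it empties the running kernel's entire IPv4 conntrack table. That is easy to miss in a program that looks like the other examples and runs without arguments or confirmation. I would add a header comment along the lines of `/* WARNING: removes every AF_INET conntrack entry from the running kernel; tracked connections lose their state. */`. The unused `char buf[1024];` in main() can go.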
@@ -0,0 +1,56 @@
+#include
+#include
+#include
+
+#include
+#include
+
+static int cb(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct,
+ void *data)
+{
+ char buf[1024];
+
+ nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, NFCT_OF_SHOW_LAYER3);
+ printf("%s\n", buf);
+
+ return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+ int ret;
+ struct nfct_handle *h;
+ struct nf_conntrack *ct;
+
+ ct = nfct_new();
+ if (!ct) {
+ perror("nfct_new");
+ return 0;
+ }
+
+ nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
+
+ nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10));
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ nfct_callback_register(h, NFCT_T_ALL, cb, NULL);
+
+ ret = nfct_query(h, NFCT_Q_GET, ct);
+
+ printf("TEST: get conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/conntrack_update.c b/utils/conntrack_update.c
new file mode 100644
index 0000000..82b95d5
--- /dev/null
+++ b/utils/conntrack_update.c
@@ -0,0 +1,53 @@
+#include
+#include
+#include
+
+#include
+#include
+
+int main()
+{
+ int ret;
+ struct nfct_handle *h;
+ struct nf_conntrack *ct;
+
+ ct = nfct_new();
+ if (!ct) {
+ perror("nfct_new");
+ return 0;
+ }
+
+ nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
+ nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+
+ nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20));
+ nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10));
+
+ nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET);
+ nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
+ nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
+
+ nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP);
+ nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10));
+ nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20));
+
+ nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
+ nfct_set_attr_u32(ct, ATTR_TIMEOUT, 600);
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+
+ ret = nfct_query(h, NFCT_Q_UPDATE, ct);
+
+ printf("TEST: update conntrack (%d)(%s)\n", ret, strerror(errno));
+
+ if (ret == -1)
+ exit(EXIT_FAILURE);
+
+ nfct_close(h);
+}
diff --git a/utils/new_api_test.c b/utils/new_api_test.c
deleted file mode 100644
index aad2f52..0000000
--- a/utils/new_api_test.c
+++ /dev/null
@@ -1,124 +0,0 @@ -#include -#include - -#include -#include - -static int cb(enum nf_conntrack_msg_type type, - struct nf_conntrack *ct, - void *data) -{ - char buf[1024]; - - nfct_snprintf(buf, 1024, ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, NFCT_OF_SHOW_LAYER3); - printf("%s\n", buf); - - return NFCT_CB_CONTINUE; -} - -static int event_cb(enum nf_conntrack_msg_type type, - struct nf_conntrack *ct, - void *data) -{ - static int n = 0; - char buf[1024]; - - nfct_snprintf(buf, 1024, ct, type, NFCT_O_XML, 0); - printf("%s\n", buf); - - if (++n == 10) - return NFCT_CB_STOP; - - return NFCT_CB_CONTINUE; -} - -int main() -{ - int ret; - u_int8_t family = AF_INET; - struct nfct_handle *h; - struct nf_conntrack *ct; - char buf[1024]; - - printf("Test for NEW libnetfilter_conntrack API\n"); - printf("=======================================\n"); - - ct = nfct_new(); - if (!ct) { - perror("nfct_new"); - return 0; - } - - nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET); - nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1")); - nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2")); - - nfct_set_attr_u8(ct, ATTR_ORIG_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(ct, ATTR_ORIG_PORT_SRC, htons(20)); - nfct_set_attr_u16(ct, ATTR_ORIG_PORT_DST, htons(10)); - - nfct_set_attr_u8(ct, ATTR_REPL_L3PROTO, AF_INET); - nfct_set_attr_u32(ct, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2")); - nfct_set_attr_u32(ct, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1")); - - nfct_set_attr_u8(ct, ATTR_REPL_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(ct, ATTR_REPL_PORT_SRC, htons(10)); - nfct_set_attr_u16(ct, ATTR_REPL_PORT_DST, htons(20)); - - nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); - nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); - - h = nfct_open(CONNTRACK, 0); - if (!h) { - perror("nfct_open"); - return -1; - } - - ret = nfct_query(h, NFCT_Q_CREATE, ct); - - printf("TEST 1: create conntrack (%d)(%s)\n", ret, strerror(errno)); - - ret = nfct_query(h, NFCT_Q_UPDATE, ct); - - 
printf("TEST 2: update conntrack (%d)(%s)\n", ret, strerror(errno)); - - nfct_callback_register(h, NFCT_T_ALL, cb, NULL); - ret = nfct_query(h, NFCT_Q_GET, ct); - - printf("TEST 3: get conntrack (%d)(%s)\n", ret, strerror(errno)); - - ret = nfct_query(h, NFCT_Q_DESTROY, ct); - - printf("TEST 4: destroy conntrack (%d)(%s)\n", ret, strerror(errno)); - - nfct_set_attr_u32(ct, ATTR_SNAT_IPV4, inet_addr("8.8.8.8")); - ret = nfct_query(h, NFCT_Q_CREATE, ct); - - printf("TEST 5: create NAT conntrack (%d)(%s)\n", ret, strerror(errno)); - - ret = nfct_query(h, NFCT_Q_GET, ct); - - printf("TEST 6: get NAT conntrack (%d)(%s)\n", ret, strerror(errno)); - - ret = nfct_query(h, NFCT_Q_DESTROY, ct); - - printf("TEST 7: destroy NAT conntrack (%d)(%s)\n",ret,strerror(errno)); - - nfct_close(h); - - h = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS); - if (!h) { - perror("nfct_open"); - return -1; - } - - nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL); - - printf("TEST 8: waiting for 10 events...\n"); - - ret = nfct_catch(h); - - printf("TEST 8: OK (%d)(%s)\n", ret, strerror(errno)); - - nfct_close(h); -} -- cgit v1.2.3