summaryrefslogtreecommitdiffstats
path: root/qa
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 01:03:19 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 01:03:19 +0100
commit20506e55b12ba22b761a1ad84dc8a47ce8c82f2e (patch)
treea23824017b20e4161e6310fefdfd0a20503fca99 /qa
parent972e6b3c19f3c79b59804308efac447bd2d016ec (diff)
bsf: major rework of the BSF generation code
This patch reworks the BSF automatic generation code. This feature needs more love and it has several limitations like that the maximum number of IPs are 127 due to BSF code restrictions. See this patch as a first step forward. This patch also adds the stack data type, which is used to resolve jump dynamically instead of the previous static approach. This patch also includes fixes in the limitations, previous calculations were wrong. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'qa')
-rw-r--r--qa/Makefile.am6
-rw-r--r--qa/test_filter.c75
2 files changed, 80 insertions, 1 deletions
diff --git a/qa/Makefile.am b/qa/Makefile.am
index 6a9471b..2bf568a 100644
--- a/qa/Makefile.am
+++ b/qa/Makefile.am
@@ -1,7 +1,11 @@
include $(top_srcdir)/Make_global.am
-check_PROGRAMS = test_api
+check_PROGRAMS = test_api test_filter
test_api_SOURCES = test_api.c
test_api_LDADD = ../src/libnetfilter_conntrack.la
test_api_LDFLAGS = -dynamic -ldl
+
+test_filter_SOURCES = test_filter.c
+test_filter_LDADD = ../src/libnetfilter_conntrack.la
+test_filter_LDFLAGS = -dynamic -ldl
diff --git a/qa/test_filter.c b/qa/test_filter.c
new file mode 100644
index 0000000..42d067f
--- /dev/null
+++ b/qa/test_filter.c
@@ -0,0 +1,75 @@
+/*
+ * Test for the filter API
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static int event_cb(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct,
+ void *data)
+{
+ static int n = 0;
+ char buf[1024];
+
+ nfct_snprintf(buf, 1024, ct, type, NFCT_O_PLAIN, NFCT_OF_TIME);
+ printf("%s\n", buf);
+
+ if (++n == 10)
+ return NFCT_CB_STOP;
+
+ return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+ int i, ret;
+ struct nfct_handle *h;
+ struct nfct_filter *filter;
+
+ h = nfct_open(CONNTRACK, NF_NETLINK_CONNTRACK_NEW |
+ NF_NETLINK_CONNTRACK_UPDATE);
+ if (!h) {
+ perror("nfct_open");
+ return 0;
+ }
+
+ filter = nfct_filter_create();
+ if (!filter) {
+ perror("nfct_create_filter");
+ return 0;
+ }
+
+ if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
+ perror("nfct_filter_attach");
+ return 0;
+ }
+
+ /* protocol 255 is skipped since we support up to 255 protocols max */
+ for (i=0; i<IPPROTO_MAX; i++)
+ nfct_filter_add_attr_u32(filter,NFCT_FILTER_L4PROTO,i);
+
+ /* up to 127 IP addresses, above that adding is noop */
+ for (i=0; i<128; i++) {
+ /* BSF always wants data in host-byte order */
+ struct nfct_filter_ipv4 fltr_ipv4 = {
+ .addr = ntohl(inet_addr("127.0.0.1")) + i,
+ .mask = 0xffffffff,
+ };
+ nfct_filter_add_attr(filter, NFCT_FILTER_SRC_IPV4, &fltr_ipv4);
+ };
+
+ if (nfct_filter_attach(nfct_fd(h), filter) == -1) {
+ perror("nfct_filter_attach");
+ return 0;
+ }
+
+ nfct_filter_destroy(filter);
+
+ nfct_callback_register(h, NFCT_T_ALL, event_cb, NULL);
+
+ ret = nfct_catch(h);
+ printf("test ret=%d (%s)\n", ret, strerror(errno));
+}