-rw-r--r-- | utils/.gitignore | 1 | ||||
-rw-r--r-- | utils/Makefile.am | 4 | ||||
-rw-r--r-- | utils/conntrack_dump_filter_tuple.c | 70 |
3 files changed, 75 insertions, 0 deletions
diff --git a/utils/.gitignore b/utils/.gitignore
index 63dfcb2..0de05c0 100644
--- a/utils/.gitignore
+++ b/utils/.gitignore
@@ -3,6 +3,7 @@
 /conntrack_delete
 /conntrack_dump
 /conntrack_dump_filter
+/conntrack_dump_filter_tuple
 /conntrack_events
 /conntrack_filter
 /conntrack_flush
diff --git a/utils/Makefile.am b/utils/Makefile.am
index 69bafe6..438ca74 100644
--- a/utils/Makefile.am
+++ b/utils/Makefile.am
@@ -9,6 +9,7 @@ check_PROGRAMS = expect_dump expect_create expect_get expect_delete \
 	conntrack_master conntrack_filter \
 	conntrack_grp_create \
 	conntrack_dump_filter \
+	conntrack_dump_filter_tuple \
 	ctexp_events
 
 conntrack_grp_create_SOURCES = conntrack_grp_create.c
@@ -35,6 +36,9 @@ conntrack_dump_LDADD = ../src/libnetfilter_conntrack.la
 conntrack_dump_filter_SOURCES = conntrack_dump_filter.c
 conntrack_dump_filter_LDADD = ../src/libnetfilter_conntrack.la
 
+conntrack_dump_filter_tuple_SOURCES = conntrack_dump_filter_tuple.c
+conntrack_dump_filter_tuple_LDADD = ../src/libnetfilter_conntrack.la
+
 conntrack_flush_SOURCES = conntrack_flush.c
 conntrack_flush_LDADD = ../src/libnetfilter_conntrack.la
 
diff --git a/utils/conntrack_dump_filter_tuple.c b/utils/conntrack_dump_filter_tuple.c
new file mode 100644
index 0000000..44633da
--- /dev/null
+++ b/utils/conntrack_dump_filter_tuple.c
@@ -0,0 +1,70 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <arpa/inet.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static int cb(const struct nlmsghdr *nlh,
+              enum nf_conntrack_msg_type type,
+              struct nf_conntrack *ct,
+              void *data)
+{
+	char buf[1024];
+
+	if (!(nlh->nlmsg_flags & NLM_F_DUMP_FILTERED))
+	{
+		fprintf(stderr, "No filtering in kernel, do filtering in userspace\n");
+		return NFCT_CB_FAILURE;
+	}
+
+	nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, NFCT_OF_SHOW_LAYER3 | NFCT_OF_TIMESTAMP);
+	printf("%s\n", buf);
+
+	return NFCT_CB_CONTINUE;
+}
+
+int main(void)
+{
+	int ret;
+	struct nfct_handle *h;
+
+	h = nfct_open(CONNTRACK, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+	struct nfct_filter_dump *filter_dump = nfct_filter_dump_create();
+	if (filter_dump == NULL) {
+		perror("nfct_filter_dump_alloc");
+		return -1;
+	}
+
+	struct nf_conntrack *ct;
+	ct = nfct_new();
+	if (!ct) {
+		perror("nfct_new");
+		return 0;
+	}
+
+	nfct_set_attr_u8(ct, ATTR_ORIG_L3PROTO, AF_INET);
+	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_ICMP);
+	nfct_set_attr_u32(ct, ATTR_ORIG_IPV4_DST, inet_addr("203.0.113.55"));
+	nfct_filter_dump_set_attr(filter_dump, NFCT_FILTER_DUMP_TUPLE, ct);
+
+	nfct_callback_register2(h, NFCT_T_ALL, cb, NULL);
+	ret = nfct_query(h, NFCT_Q_DUMP_FILTER, filter_dump);
+
+	nfct_filter_dump_destroy(filter_dump);
+
+	printf("TEST: get conntrack ");
+	if (ret == -1)
+		printf("(%d)(%s)\n", ret, strerror(errno));
+	else
+		printf("(OK)\n");
+
+	nfct_close(h);
+
+	ret == -1 ? exit(EXIT_FAILURE) : exit(EXIT_SUCCESS);
+}
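Review bot: The `nfct_new()` failure path in `main()` does `return 0;`, so a failed allocation exits with success status, and neither that path nor the `nfct_filter_dump_create()` failure path releases the handle obtained from `nfct_open()`; on the success path the `ct` tuple object is never freed with `nfct_destroy()` either. The `perror("nfct_filter_dump_alloc")` label also names a function that was not called — `perror("nfct_filter_dump_create")` matches the call on the line above it. A single exit path with goto-based cleanup fixes all of these and derives the exit status from `ret` in one place; the attribute setup, callback registration, query and result report are unchanged. Separately, the callback's message `"No filtering in kernel, do filtering in userspace\n"` promises a fallback that does not exist — the callback returns NFCT_CB_FAILURE and the dump is abandoned — so wording it as `"kernel did not apply the tuple filter (NLM_F_DUMP_FILTERED unset), aborting\n"` would describe what actually happens.
```c
int main(void)
{
	int ret = -1;
	struct nf_conntrack *ct = NULL;
	struct nfct_filter_dump *filter_dump = NULL;
	struct nfct_handle *h = nfct_open(CONNTRACK, 0);

	if (!h) {
		perror("nfct_open");
		goto out;
	}
	filter_dump = nfct_filter_dump_create();
	if (filter_dump == NULL) {
		perror("nfct_filter_dump_create");
		goto out_close;
	}
	ct = nfct_new();
	if (!ct) {
		perror("nfct_new");
		goto out_filter;
	}
	/* … unchanged: tuple attributes, callback registration, nfct_query, result report … */
	nfct_destroy(ct);
out_filter:
	nfct_filter_dump_destroy(filter_dump);
out_close:
	nfct_close(h);
out:
	return ret == -1 ? EXIT_FAILURE : EXIT_SUCCESS;
}
```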