diff options
Diffstat (limited to 'utils')
| -rw-r--r-- | utils/Makefile.am | 32 | ||||
| -rw-r--r-- | utils/ctnl_test.c | 4 | ||||
| -rw-r--r-- | utils/expect_api_test.c | 160 | ||||
| -rw-r--r-- | utils/expect_create.c | 117 | ||||
| -rw-r--r-- | utils/expect_delete.c | 50 | ||||
| -rw-r--r-- | utils/expect_dump.c | 40 | ||||
| -rw-r--r-- | utils/expect_events.c | 48 | ||||
| -rw-r--r-- | utils/expect_flush.c | 27 | ||||
| -rw-r--r-- | utils/expect_get.c | 63 |
9 files changed, 376 insertions, 165 deletions
diff --git a/utils/Makefile.am b/utils/Makefile.am index e2f387d..f01e153 100644 --- a/utils/Makefile.am +++ b/utils/Makefile.am @@ -1,15 +1,37 @@ include $(top_srcdir)/Make_global.am -bin_PROGRAMS = ctnl_test new_api_test expect_api_test +bin_PROGRAMS = ctnl_test new_api_test \ + expect_dump expect_create expect_get expect_delete \ + expect_flush expect_events new_api_test_SOURCES = new_api_test.c new_api_test_LDADD = ../src/libnetfilter_conntrack.la new_api_test_LDFLAGS = -dynamic -ldl -expect_api_test_SOURCES = expect_api_test.c -expect_api_test_LDADD = ../src/libnetfilter_conntrack.la -expect_api_test_LDFLAGS = -dynamic -ldl - ctnl_test_SOURCES = ctnl_test.c ctnl_test_LDADD = ../src/libnetfilter_conntrack.la ctnl_test_LDFLAGS = -dynamic -ldl + +expect_dump_SOURCES = expect_dump.c +expect_dump_LDADD = ../src/libnetfilter_conntrack.la +expect_dump_LDFLAGS = -dynamic -ldl + +expect_create_SOURCES = expect_create.c +expect_create_LDADD = ../src/libnetfilter_conntrack.la +expect_create_LDFLAGS = -dynamic -ldl + +expect_get_SOURCES = expect_get.c +expect_get_LDADD = ../src/libnetfilter_conntrack.la +expect_get_LDFLAGS = -dynamic -ldl + +expect_delete_SOURCES = expect_delete.c +expect_delete_LDADD = ../src/libnetfilter_conntrack.la +expect_delete_LDFLAGS = -dynamic -ldl + +expect_flush_SOURCES = expect_flush.c +expect_flush_LDADD = ../src/libnetfilter_conntrack.la +expect_flush_LDFLAGS = -dynamic -ldl + +expect_events_SOURCES = expect_events.c +expect_events_LDADD = ../src/libnetfilter_conntrack.la +expect_events_LDFLAGS = -dynamic -ldl diff --git a/utils/ctnl_test.c b/utils/ctnl_test.c index 78f26d6..381f697 100644 --- a/utils/ctnl_test.c +++ b/utils/ctnl_test.c @@ -7,6 +7,10 @@ * (at your option) any later version. * * libnetfilter_conntrack test file: yet incomplete + * + * XXX: This is the test file for the *old* libnetfilter_conntrack API. + * Please, do not use this API for new applications since the old + * API will be removed soon. */ #include <stdio.h> diff --git a/utils/expect_api_test.c b/utils/expect_api_test.c deleted file mode 100644 index e075b10..0000000 --- a/utils/expect_api_test.c +++ /dev/null @@ -1,160 +0,0 @@ -#include <stdio.h> -#include <stdlib.h> -#include <errno.h> - -#include <libnetfilter_conntrack/libnetfilter_conntrack.h> -#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h> - -static int cb(enum nf_conntrack_msg_type type, - struct nf_expect *exp, - void *data) -{ - char buf[1024]; - - nfexp_snprintf(buf, 1024, exp, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0); - printf("%s\n", buf); - - return NFCT_CB_CONTINUE; -} - -static int event_cb(enum nf_conntrack_msg_type type, - struct nf_expect *exp, - void *data) -{ - static int n = 0; - char buf[1024]; - - nfexp_snprintf(buf, 1024, exp, type, NFCT_O_DEFAULT, 0); - printf("%s\n", buf); - - if (++n == 10) - return NFCT_CB_STOP; - - return NFCT_CB_CONTINUE; -} - -int main() -{ - int ret; - u_int8_t family = AF_INET; - struct nfct_handle *h; - struct nf_conntrack *master, *expected, *mask; - struct nf_expect *exp; - char buf[1024]; - - printf("Test for NEW expectation libnetfilter_conntrack API\n"); - printf("===================================================\n"); - - master = nfct_new(); - if (!master) { - perror("nfct_new"); - exit(EXIT_FAILURE); - } - - nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET); - nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1")); - nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2")); - - nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025)); - nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21)); - - nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET); - nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2")); - nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1")); - - nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21)); - nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025)); - - nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); - nfct_set_attr_u32(master, ATTR_TIMEOUT, 200); - - h = nfct_open(CONNTRACK, 0); - if (!h) { - perror("nfct_open"); - return -1; - } - - ret = nfct_query(h, NFCT_Q_CREATE, master); - - printf("TEST 1: create conntrack (%d)(%s)\n", ret, strerror(errno)); - - nfct_close(h); - - expected = nfct_new(); - if (!expected) { - perror("nfct_new"); - exit(EXIT_FAILURE); - } - - nfct_set_attr_u8(expected, ATTR_ORIG_L3PROTO, AF_INET); - nfct_set_attr_u32(expected, ATTR_ORIG_IPV4_SRC, inet_addr("4.4.4.4")); - nfct_set_attr_u32(expected, ATTR_ORIG_IPV4_DST, inet_addr("5.5.5.5")); - - nfct_set_attr_u8(expected, ATTR_ORIG_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(expected, ATTR_ORIG_PORT_SRC, htons(10240)); - nfct_set_attr_u16(expected, ATTR_ORIG_PORT_DST, htons(10241)); - - mask = nfct_new(); - if (!mask) { - perror("nfct_new"); - exit(EXIT_FAILURE); - } - - nfct_set_attr_u8(mask, ATTR_ORIG_L3PROTO, AF_INET); - nfct_set_attr_u32(mask, ATTR_ORIG_IPV4_SRC, 0xffffffff); - nfct_set_attr_u32(mask, ATTR_ORIG_IPV4_DST, 0xffffffff); - - nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_TCP); - nfct_set_attr_u16(mask, ATTR_ORIG_PORT_SRC, 0xffff); - nfct_set_attr_u16(mask, ATTR_ORIG_PORT_DST, 0xffff); - - exp = nfexp_new(); - if (!exp) { - perror("nfexp_new"); - exit(EXIT_FAILURE); - } - - nfexp_set_attr(exp, ATTR_EXP_MASTER, master); - nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected); - nfexp_set_attr(exp, ATTR_EXP_MASK, mask); - nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200); - - h = nfct_open(EXPECT, 0); - if (!h) { - perror("nfct_open"); - return -1; - } - - ret = nfexp_query(h, NFCT_Q_CREATE, exp); - - printf("TEST 2: create expectation (%d)(%s)\n", ret, strerror(errno)); - - nfexp_callback_register(h, NFCT_T_ALL, cb, NULL); - ret = nfexp_query(h, NFCT_Q_GET, exp); - - printf("TEST 3: get expectation (%d)(%s)\n", ret, strerror(errno)); - - ret = nfexp_query(h, NFCT_Q_DESTROY, exp); - - printf("TEST 4: destroy expectation (%d)(%s)\n", ret, strerror(errno)); - - nfct_close(h); - - h = nfct_open(EXPECT, NF_NETLINK_CONNTRACK_EXP_NEW); - if (!h) { - perror("nfct_open"); - return -1; - } - - nfexp_callback_register(h, NFCT_T_ALL, event_cb, NULL); - - printf("TEST 5: waiting for 10 events...\n"); - - ret = nfexp_catch(h); - - printf("TEST 5: OK (%d)(%s)\n", ret, strerror(errno)); - - nfct_close(h); -} diff --git a/utils/expect_create.c b/utils/expect_create.c new file mode 100644 index 0000000..9663958 --- /dev/null +++ b/utils/expect_create.c @@ -0,0 +1,117 @@ +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> +#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h> + +int main() +{ + int ret; + struct nfct_handle *h; + struct nf_conntrack *master, *expected, *mask; + struct nf_expect *exp; + + /* + * Step 1: Setup master conntrack + */ + + master = nfct_new(); + if (!master) { + perror("nfct_new"); + exit(EXIT_FAILURE); + } + + nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET); + nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1")); + nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2")); + + nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP); + nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025)); + nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21)); + + nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET); + nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2")); + nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1")); + + nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP); + nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21)); + nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025)); + + nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN); + nfct_set_attr_u32(master, ATTR_TIMEOUT, 200); + + h = nfct_open(CONNTRACK, 0); + if (!h) { + perror("nfct_open"); + return -1; + } + + ret = nfct_query(h, NFCT_Q_CREATE, master); + + printf("TEST: add master conntrack (%d)(%s)\n", ret, strerror(errno)); + + nfct_close(h); + + expected = nfct_new(); + if (!expected) { + perror("nfct_new"); + exit(EXIT_FAILURE); + } + + nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("4.4.4.4")); + nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("5.5.5.5")); + + nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP); + nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(10240)); + nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241)); + + mask = nfct_new(); + if (!mask) { + perror("nfct_new"); + exit(EXIT_FAILURE); + } + + nfct_set_attr_u8(mask, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(mask, ATTR_IPV4_SRC, 0xffffffff); + nfct_set_attr_u32(mask, ATTR_IPV4_DST, 0xffffffff); + + nfct_set_attr_u8(mask, ATTR_L4PROTO, IPPROTO_TCP); + nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0xffff); + nfct_set_attr_u16(mask, ATTR_PORT_DST, 0xffff); + + /* + * Step 2: Setup expectation + */ + + exp = nfexp_new(); + if (!exp) { + perror("nfexp_new"); + exit(EXIT_FAILURE); + } + + nfexp_set_attr(exp, ATTR_EXP_MASTER, master); + nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected); + nfexp_set_attr(exp, ATTR_EXP_MASK, mask); + nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200); + + nfct_destroy(master); + nfct_destroy(expected); + nfct_destroy(mask); + + h = nfct_open(EXPECT, 0); + if (!h) { + perror("nfct_open"); + return -1; + } + + ret = nfexp_query(h, NFCT_Q_CREATE, exp); + + printf("TEST: create expectation (%d)(%s)\n", ret, strerror(errno)); + + if (ret == -1) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} diff --git a/utils/expect_delete.c b/utils/expect_delete.c new file mode 100644 index 0000000..e6255da --- /dev/null +++ b/utils/expect_delete.c @@ -0,0 +1,50 @@ +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +int main() +{ + int ret; + struct nfct_handle *h; + struct nf_conntrack *expected; + struct nf_expect *exp; + + expected = nfct_new(); + if (!expected) { + perror("nfct_new"); + exit(EXIT_FAILURE); + } + + nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("4.4.4.4")); + nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("5.5.5.5")); + + nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP); + nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(10240)); + nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241)); + + exp = nfexp_new(); + if (!exp) { + perror("nfexp_new"); + exit(EXIT_FAILURE); + } + + nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected); + + h = nfct_open(EXPECT, 0); + if (!h) { + perror("nfct_open"); + return -1; + } + + ret = nfexp_query(h, NFCT_Q_DESTROY, exp); + + printf("TEST: delete expectation (%d)(%s)\n", ret, strerror(errno)); + + if (ret == -1) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} diff --git a/utils/expect_dump.c b/utils/expect_dump.c new file mode 100644 index 0000000..d636d18 --- /dev/null +++ b/utils/expect_dump.c @@ -0,0 +1,40 @@ +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static int cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, + void *data) +{ + char buf[1024]; + + nfexp_snprintf(buf, 1024, exp, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0); + printf("%s\n", buf); + + return NFCT_CB_CONTINUE; +} + +int main() +{ + int ret; + u_int8_t family = AF_INET; + struct nfct_handle *h; + + h = nfct_open(EXPECT, 0); + if (!h) { + perror("nfct_open"); + return -1; + } + + nfexp_callback_register(h, NFCT_T_ALL, cb, NULL); + ret = nfexp_query(h, NFCT_Q_DUMP, &family); + + printf("TEST: get expectation (%d)(%s)\n", ret, strerror(errno)); + + if (ret == -1) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} diff --git a/utils/expect_events.c b/utils/expect_events.c new file mode 100644 index 0000000..956ca42 --- /dev/null +++ b/utils/expect_events.c @@ -0,0 +1,48 @@ +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static int event_cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, + void *data) +{ + static int n = 0; + char buf[1024]; + + nfexp_snprintf(buf, 1024, exp, type, NFCT_O_DEFAULT, 0); + printf("%s\n", buf); + + if (++n == 10) + return NFCT_CB_STOP; + + return NFCT_CB_CONTINUE; +} + +int main() +{ + int ret; + struct nfct_handle *h; + + h = nfct_open(EXPECT, NF_NETLINK_CONNTRACK_EXP_NEW); + if (!h) { + perror("nfct_open"); + return -1; + } + + nfexp_callback_register(h, NFCT_T_ALL, event_cb, NULL); + + printf("TEST: waiting for 10 expectation events...\n"); + + ret = nfexp_catch(h); + + printf("TEST: OK (%d)(%s)\n", ret, strerror(errno)); + + nfct_close(h); + + if (ret == -1) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} diff --git a/utils/expect_flush.c b/utils/expect_flush.c new file mode 100644 index 0000000..22ae3d3 --- /dev/null +++ b/utils/expect_flush.c @@ -0,0 +1,27 @@ +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +int main() +{ + int ret; + u_int8_t family = AF_INET; + struct nfct_handle *h; + + h = nfct_open(EXPECT, 0); + if (!h) { + perror("nfct_open"); + return -1; + } + + ret = nfexp_query(h, NFCT_Q_FLUSH, &family); + + printf("TEST: flush expectation (%d)(%s)\n", ret, strerror(errno)); + + if (ret == -1) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} diff --git a/utils/expect_get.c b/utils/expect_get.c new file mode 100644 index 0000000..b9518bc --- /dev/null +++ b/utils/expect_get.c @@ -0,0 +1,63 @@ +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#include <libnetfilter_conntrack/libnetfilter_conntrack.h> + +static int cb(enum nf_conntrack_msg_type type, + struct nf_expect *exp, + void *data) +{ + char buf[1024]; + + nfexp_snprintf(buf, 1024, exp, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0); + printf("%s\n", buf); + + return NFCT_CB_CONTINUE; +} + +int main() +{ + int ret; + struct nfct_handle *h; + struct nf_conntrack *master; + struct nf_expect *exp; + + master = nfct_new(); + if (!master) { + perror("nfct_new"); + exit(EXIT_FAILURE); + } + + nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET); + nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("4.4.4.4")); + nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("5.5.5.5")); + + nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP); + nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(10240)); + nfct_set_attr_u16(master, ATTR_PORT_DST, htons(10241)); + + exp = nfexp_new(); + if (!exp) { + perror("nfexp_new"); + exit(EXIT_FAILURE); + } + + nfexp_set_attr(exp, ATTR_EXP_MASTER, master); + + h = nfct_open(EXPECT, 0); + if (!h) { + perror("nfct_open"); + return -1; + } + + nfexp_callback_register(h, NFCT_T_ALL, cb, NULL); + ret = nfexp_query(h, NFCT_Q_GET, exp); + + printf("TEST: get expectation (%d)(%s)\n", ret, strerror(errno)); + + if (ret == -1) + exit(EXIT_FAILURE); + + exit(EXIT_SUCCESS); +} |