From 62ed08f2d25ef0f332fe65fd40a97ff4dc4eda93 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 9 Feb 2012 18:56:59 +0100
Subject: conntrack: add support for CTA_MARK_MASK and filtered dumping
This patch adds the infrastructure to allow filtered dumping. See utils/conntrack_dump_filter.c for instance.
Signed-off-by: Pablo Neira Ayuso
---
utils/Makefile.am | 5 ++++
utils/conntrack_dump_filter.c | 58 +++++++++++++++++++++++++++++++++++++++++++
2 files changed, 63 insertions(+)
create mode 100644 utils/conntrack_dump_filter.c
(limited to 'utils')
diff --git a/utils/Makefile.am b/utils/Makefile.am
index dcb3fec..35a7e0a 100644
--- a/utils/Makefile.am
+++ b/utils/Makefile.am
@@ -7,6 +7,7 @@ check_PROGRAMS = expect_dump expect_create expect_get expect_delete \
 conntrack_get conntrack_events \
 conntrack_master conntrack_filter \
 conntrack_grp_create \
+ conntrack_dump_filter \
 ctexp_events
 conntrack_grp_create_SOURCES = conntrack_grp_create.c
@@ -37,6 +38,10 @@ conntrack_dump_SOURCES = conntrack_dump.c
 conntrack_dump_LDADD = ../src/libnetfilter_conntrack.la
 conntrack_dump_LDFLAGS = -dynamic -ldl
+conntrack_dump_filter_SOURCES = conntrack_dump_filter.c
+conntrack_dump_filter_LDADD = ../src/libnetfilter_conntrack.la
+conntrack_dump_filter_LDFLAGS = -dynamic -ldl
+
 conntrack_flush_SOURCES = conntrack_flush.c
 conntrack_flush_LDADD = ../src/libnetfilter_conntrack.la
 conntrack_flush_LDFLAGS = -dynamic -ldl
diff --git a/utils/conntrack_dump_filter.c b/utils/conntrack_dump_filter.c
new file mode 100644
index 0000000..41e3f0c
--- /dev/null
+++ b/utils/conntrack_dump_filter.c
@@ -0,0 +1,58 @@
+#include
+#include
+#include
+#include
+
+#include
+
+static int cb(enum nf_conntrack_msg_type type,
+ struct nf_conntrack *ct,
+ void *data)
+{
+ char buf[1024];
+
+ nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, NFCT_OF_SHOW_LAYER3 | NFCT_OF_TIMESTAMP);
+ printf("%s\n", buf);
+
+ return NFCT_CB_CONTINUE;
+}
+
+int main(void)
+{
+ int ret;
+ struct nfct_handle *h;
+
+ h = nfct_open(CONNTRACK, 0);
+ if (!h) {
+ perror("nfct_open");
+ return -1;
+ }
+ struct nfct_filter_dump *filter_dump = nfct_filter_dump_create();
+ if (filter_dump == NULL) {
+ perror("nfct_filter_dump_alloc");
+ return -1;
+ }
+ struct nfct_filter_dump_mark filter_dump_mark = {
+ .val = 1,
+ .mask = 0xffffffff,
+ };
+ nfct_filter_dump_set_attr(filter_dump, NFCT_FILTER_DUMP_MARK,
+ &filter_dump_mark);
+ nfct_filter_dump_set_attr_u8(filter_dump, NFCT_FILTER_DUMP_L3NUM,
+ AF_INET);
+
+ nfct_callback_register(h, NFCT_T_ALL, cb, NULL);
+ ret = nfct_query(h, NFCT_Q_DUMP_FILTER, filter_dump);
+
+ nfct_filter_dump_destroy(filter_dump);
+
+ printf("TEST: get conntrack ");
+ if (ret == -1)
+ printf("(%d)(%s)\n", ret, strerror(errno));
+ else
+ printf("(OK)\n");
+
+ nfct_close(h);
+
+ ret == -1 ? exit(EXIT_FAILURE) : exit(EXIT_SUCCESS);
+}
-- cgit v1.2.3
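Review bot: In main(), `strerror(errno)` is evaluated only after `nfct_filter_dump_destroy(filter_dump)` and a `printf`, either of which may overwrite errno, so the reason printed for a failed `nfct_query` can be misleading. Capture it directly after the query with `int err = errno;` and print `strerror(err)` instead. The early `return -1` taken when `nfct_filter_dump_create()` fails skips `nfct_close(h)`, and its `perror("nfct_filter_dump_alloc")` label does not name the function that was actually called. The result of `nfct_callback_register` is also discarded, so a failed registration would surface only as a dump that prints nothing.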