authorFlorian Westphal <fw@strlen.de>2017-06-21 20:34:19 +0200
committerFlorian Westphal <fw@strlen.de>2017-06-21 20:44:22 +0200
commit003c2b107c185fb818f082c499c77b7188c7d5f7 (patch)
tree3079e6a5a9da54abd3e8efd5e3e08513b58b5c09
parente84b55978504a05c687dd636c1c526a99a34019e (diff)
examples: set dummy connmark value to show use of NFQA_CT nested attribute
We can now get/set conntrack attributes via nfqueue, show a minimal example that sets the connmark from userspace. Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--examples/nf-queue.c14
1 files changed, 14 insertions, 0 deletions
diff --git a/examples/nf-queue.c b/examples/nf-queue.c
index d6c4b63..c2bc6cc 100644
--- a/examples/nf-queue.c
+++ b/examples/nf-queue.c
@@ -15,6 +15,9 @@
#include <libnetfilter_queue/libnetfilter_queue.h>
+/* only for NFQA_CT, not needed otherwise: */
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
static struct mnl_socket *nl;
static struct nlmsghdr *
@@ -37,10 +40,21 @@ nfq_send_verdict(int queue_num, uint32_t id)
{
char buf[MNL_SOCKET_BUFFER_SIZE];
struct nlmsghdr *nlh;
+ struct nlattr *nest;
nlh = nfq_hdr_put(buf, NFQNL_MSG_VERDICT, queue_num);
nfq_nlmsg_verdict_put(nlh, id, NF_ACCEPT);
+ /* example to set the connmark. First, start NFQA_CT section: */
+ nest = mnl_attr_nest_start(nlh, NFQA_CT);
+
+ /* then, add the connmark attribute: */
+ mnl_attr_put_u32(nlh, CTA_MARK, htonl(42));
+ /* more conntrack attributes, e.g. CTA_LABEL, could be set here */
+
+ /* end conntrack section */
+ mnl_attr_nest_end(nlh, nest);
+
if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
perror("mnl_socket_send");
exit(EXIT_FAILURE);
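Review bot: The added block puts connmark 42 into every verdict that nfq_send_verdict() sends, and no mask attribute accompanies it, so the connection's existing mark is presumably replaced each time; the first comment should say that, e.g. `/* example only: sets the connmark to 42 on every verdict, replacing any mark already on the connection */`, because rules that match on connmark will then see the dummy value. The comment about further attributes names `CTA_LABEL`, while the attribute declared in nfnetlink_conntrack.h is `CTA_LABELS`. That same comment invites adding variable-length attributes to the fixed `buf`, and `mnl_attr_nest_start()` and `mnl_attr_put_u32()` do not check the remaining space, so the example would be safer to copy with the bounded variants, `nest = mnl_attr_nest_start_check(nlh, sizeof(buf), NFQA_CT);` and `mnl_attr_put_u32_check(nlh, sizeof(buf), CTA_MARK, htonl(42));`, with their failure returns handled. The body of nfq_send_verdict() continues past the end of the hunk.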