5 #include <netinet/in.h>
7 #include <libmnl/libmnl.h>
8 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
/*
 * Waits for the first half of a TCP connection's conntrack events.
 *
 * handle_qacb() is called three times with `true` and the callbacks
 * cb_tcp_new, cb_tcp_syn_recv and cb_tcp_established, each given a pointer
 * to `proto` (IPPROTO_TCP). The last call passes `false` with no callback.
 *
 * NOTE(review): handle_qacb() and the cb_tcp_* callbacks are defined outside
 * this listing. The boolean presumably means "an event is expected", so the
 * final call would assert that nothing else arrives within the timeout.
 * Confirm against the helper.
 *
 * The gutter numbers skip (13 -> 15 -> 18), so the opening brace and some
 * statements, including whatever uses `pre`/`post`, are not shown here.
 */
12 static void tcp_echo_before_fin(
const struct mnl_socket *nl,
13 const char *pre,
const char *post)
15 uint8_t proto = IPPROTO_TCP;
/* `timeout` is not declared in the visible lines; presumably shared with handle_qacb(). TODO confirm. */
18 timeout.tv_sec = INIT_TIMEOUT;
19 handle_qacb(nl,
true, cb_tcp_new, &proto);
20 handle_qacb(nl,
true, cb_tcp_syn_recv, &proto);
21 handle_qacb(nl,
true, cb_tcp_established, &proto);
/* No callback and `false`: presumably checks that no FIN-side event passes the filter. */
22 handle_qacb(nl,
false, NULL, NULL);
/*
 * Waits for the teardown half of a TCP connection's conntrack events.
 *
 * handle_qacb() is called with `true` for cb_tcp_fin_wait, cb_tcp_close_wait,
 * cb_tcp_close and cb_tcp_destroy, in that order, each given a pointer to
 * `proto` (IPPROTO_TCP). The last call passes `false` with no callback.
 *
 * NOTE(review): the setup-side events (new / syn_recv / established) are not
 * waited for here. The active filter is presumably expected to suppress them.
 * Confirm against handle_qacb(), which is defined outside this listing.
 *
 * The gutter numbers skip (27 -> 29 -> 32), so parts of the body are not shown.
 */
26 static void tcp_echo_after_fin(
const struct mnl_socket *nl,
27 const char *pre,
const char *post)
29 uint8_t proto = IPPROTO_TCP;
/* `timeout` is not declared in the visible lines; presumably shared with handle_qacb(). TODO confirm. */
32 timeout.tv_sec = INIT_TIMEOUT;
33 handle_qacb(nl,
true, cb_tcp_fin_wait, &proto);
34 handle_qacb(nl,
true, cb_tcp_close_wait, &proto);
35 handle_qacb(nl,
true, cb_tcp_close, &proto);
36 handle_qacb(nl,
true, cb_tcp_destroy, &proto);
/* No callback and `false`: presumably checks that nothing follows the destroy event. */
37 handle_qacb(nl,
false, NULL, NULL);
/*
 * Test case that ends by calling tcp_echo(nl, pre, post).
 *
 * The filter setup (listing lines 43-49) is not shown. From the name it
 * presumably installs a mark filter with a zero value/mask. TODO confirm
 * against the full file.
 * NOTE(review): tcp_echo() is not defined in this listing. Unlike the
 * *_before_fin / *_after_fin helpers, it presumably waits for the complete
 * event sequence.
 */
41 static void filter_mark_zero(
const struct mnl_socket *nl,
42 const char *pre,
const char *post)
50 tcp_echo(nl, pre, post);
/*
 * Test case that ends by calling tcp_echo_after_fin(nl, pre, post), so only
 * the teardown-side events are waited for.
 *
 * The filter setup (listing lines 56-62) is not shown. From the name it
 * presumably installs a mark filter with value 1 and mask 1. TODO confirm
 * against the full file.
 */
54 static void filter_mark_1_1(
const struct mnl_socket *nl,
55 const char *pre,
const char *post)
63 tcp_echo_after_fin(nl, pre, post);
/*
 * Negative-logic variant: ends by calling tcp_echo_before_fin(nl, pre, post),
 * so only the setup-side events are waited for.
 *
 * Only the tail of the filter setup is shown. From the name the mark filter is
 * presumably value 1 / mask 1 with the match inverted. TODO confirm against
 * the full file.
 */
67 static void filter_mark_neg_1_1(
const struct mnl_socket *nl,
68 const char *pre,
const char *post)
/*
 * Tail of a call whose result is compared with -1. This is presumably
 * nfct_filter_set_logic() inside an assertion, so a failure to switch the
 * mark attribute to negative logic aborts the test. TODO confirm.
 */
75 NFCT_FILTER_LOGIC_NEGATIVE) != -1);
78 tcp_echo_before_fin(nl, pre, post);
/*
 * Negative-logic variant: ends by calling tcp_echo_after_fin(nl, pre, post),
 * so only the teardown-side events are waited for.
 *
 * Only the tail of the filter setup is shown. From the name the mark filter is
 * presumably value 0 / mask 0xfffffffd with the match inverted. TODO confirm
 * against the full file.
 */
82 static void filter_mark_neg_0_fffffffd(
const struct mnl_socket *nl,
83 const char *pre,
const char *post)
/*
 * Tail of a call whose result is compared with -1. This is presumably
 * nfct_filter_set_logic() inside an assertion. TODO confirm.
 */
90 NFCT_FILTER_LOGIC_NEGATIVE) != -1);
93 tcp_echo_after_fin(nl, pre, post);
/*
 * Test case built around a 126-iteration loop, ending with
 * tcp_echo_after_fin(nl, pre, post).
 *
 * The loop body and the rest of the setup (listing lines 105-119) are not
 * shown. From the name the loop presumably adds mark entries until the
 * filter's capacity is nearly reached, before adding the entry under test.
 * TODO confirm against the full file.
 * NOTE(review): 126 is a bare literal here. Whether it is tied to a library
 * limit cannot be told from this listing.
 */
97 static void filter_mark_max(
const struct mnl_socket *nl,
98 const char *pre,
const char *post)
104 for (i = 0; i < 126; i++) {
120 tcp_echo_after_fin(nl, pre, post);
/*
 * Test driver. Opens an event socket for the network namespace named in
 * argv[1], runs the five mark-filter cases in order, and returns the result
 * of fini_nssocket().
 *
 * The usage string names three arguments: <netns> <pre_fifo> <post_fifo>.
 * The argc check and the assignment of `pre`/`post` are not shown in this
 * listing. They are presumably taken from argv[2] and argv[3]. TODO confirm.
 */
124 int main(
int argc,
char *argv[])
126 struct mnl_socket *nl;
130 fprintf(stderr,
"usage: %s <netns> <pre_fifo> <post_fifo>\n", argv[0]);
/* mnl_event_nssocket() is a helper defined outside this listing; argv[1] is passed to it unmodified. */
136 nl = mnl_event_nssocket(argv[1]);
/* Reached on socket setup failure, presumably guarded by a NULL check on `nl` (not shown). */
138 perror(
"init_mnl_socket");
/* Every case reuses the same socket, so each one presumably has to remove its own filter before returning. */
142 filter_mark_zero(nl, pre, post);
143 filter_mark_1_1(nl, pre, post);
144 filter_mark_neg_1_1(nl, pre, post);
145 filter_mark_neg_0_fffffffd(nl, pre, post);
146 filter_mark_max(nl, pre, post);
148 return fini_nssocket();
/*
 * libnetfilter_conntrack filter API signatures referenced by the listing
 * above. They are signatures only, with no bodies and no terminating
 * semicolons, as printed by the documentation cross-reference.
 */
/* Releases a filter object. NOTE(review): this is separate from nfct_filter_detach(); confirm in the library docs whether an attached filter stays on the socket. */
void nfct_filter_destroy(struct nfct_filter *filter)
/* Adds one attribute value to the filter. Returns void, so a rejected entry is not reported to the caller here. */
void nfct_filter_add_attr(struct nfct_filter *filter, const enum nfct_filter_attr attr, const void *value)
/* Allocates a new filter object. Callers should check the returned pointer before use. */
struct nfct_filter * nfct_filter_create(void)
/* Selects the match logic for one attribute type. The listing compares the result of a call taking NFCT_FILTER_LOGIC_NEGATIVE with -1, presumably this function. */
int nfct_filter_set_logic(struct nfct_filter *filter, const enum nfct_filter_attr attr, const enum nfct_filter_logic logic)
/* Attaches the filter to the socket descriptor `fd`. The int return should be checked, since a failed attach would leave events unfiltered. */
int nfct_filter_attach(int fd, struct nfct_filter *filter)
/* Removes the filter attached to the socket descriptor `fd`. */
int nfct_filter_detach(int fd)