00001 #include <stdio.h>
00002 #include <stdlib.h>
00003 #include <string.h>
00004 #include <errno.h>
00005 #include <arpa/inet.h>
00006
00007 #include <libnetfilter_conntrack/libnetfilter_conntrack.h>
00008 #include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
00009
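/*
 * Test program: build a synthetic TCP conntrack entry in user space and ask
 * the kernel to insert it into the connection tracking table.
 *
 * The entry describes 1.1.1.1:20 -> 2.2.2.2:10 in SYN_SENT state, with a
 * timeout of 100 and the "ftp" helper attached.
 *
 * Operational notes for whoever runs this:
 *  - The query changes the conntrack table of the running kernel, so it
 *    normally needs CAP_NET_ADMIN; a permission error is printed through
 *    strerror() below.
 *  - This program does not delete the entry it creates. It presumably stays
 *    in the table until its timeout expires, so run it on a test host or in
 *    a dedicated network namespace.
 *
 * Returns EXIT_SUCCESS when the entry was created and EXIT_FAILURE on any
 * error, including allocation or handle-open failures.
 */
int main(void)
{
	int ret;
	int saved_errno;
	struct nfct_handle *h;
	struct nf_conntrack *ct;

	ct = nfct_new();
	if (!ct) {
		perror("nfct_new");
		/* A failed setup must not be reported as a passing test. */
		return EXIT_FAILURE;
	}

	/* Original-direction tuple: addresses and ports in network byte order. */
	struct nfct_attr_grp_ipv4 grp_ipv4 = {
		.src = inet_addr("1.1.1.1"),
		.dst = inet_addr("2.2.2.2")
	};
	nfct_set_attr_grp(ct, ATTR_GRP_ORIG_IPV4, &grp_ipv4);

	struct nfct_attr_grp_port grp_port = {
		.sport = htons(20),
		.dport = htons(10)
	};
	nfct_set_attr_grp(ct, ATTR_GRP_ORIG_PORT, &grp_port);
	nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP);

	/* Derive the reply-direction tuple from the original one. */
	if (nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY) == -1) {
		perror("nfct_setobjopt");
		nfct_destroy(ct);
		return EXIT_FAILURE;
	}

	nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100);
	/* NOTE(review): presumably requires the ftp helper to be available in
	 * the kernel; confirm on the target before relying on this test. */
	nfct_set_attr(ct, ATTR_HELPER_NAME, "ftp");

	h = nfct_open(CONNTRACK, 0);
	if (!h) {
		perror("nfct_open");
		/* Release the object on this path too. */
		nfct_destroy(ct);
		return EXIT_FAILURE;
	}

	ret = nfct_query(h, NFCT_Q_CREATE, ct);
	/* Capture errno before any stdio call has a chance to overwrite it. */
	saved_errno = errno;

	printf("TEST: create conntrack ");
	if (ret == -1)
		printf("(%d)(%s)\n", ret, strerror(saved_errno));
	else
		printf("(OK)\n");

	nfct_close(h);
	nfct_destroy(ct);

	return ret == -1 ? EXIT_FAILURE : EXIT_SUCCESS;
}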