static void
nftnl_expr_queue_build(struct nlmsghdr *nlh, struct nftnl_expr *e)
{
struct nftnl_expr_queue *queue = nftnl_expr_data(e);
if (e->flags & (1 << NFTNL_EXPR_QUEUE_NUM))
mnl_attr_put_u16(nlh, NFTA_QUEUE_NUM, htons(queue->queuenum));
if (e->flags & (1 << NFTNL_EXPR_QUEUE_TOTAL))
mnl_attr_put_u16(nlh, NFTA_QUEUE_TOTAL, htons(queue->queues_total));
if (e->flags & (1 << NFTNL_EXPR_QUEUE_FLAGS))
mnl_attr_put_u16(nlh, NFTA_QUEUE_FLAGS, htons(queue->flags));
}
static void put_msg(char *buf, uint16_t i, int seq)
{
struct nlmsghdr *nlh;
struct nfgenmsg *nfh;
struct nlattr *nest1, *nest2;
nlh = mnl_nlmsg_put_header(buf);
nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | IPCTNL_MSG_CT_NEW;
nlh->nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL|NLM_F_ACK;
nlh->nlmsg_seq = seq;
nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
nfh->nfgen_family = AF_INET;
nfh->version = NFNETLINK_V0;
nfh->res_id = 0;
nest1 = mnl_attr_nest_start(nlh, CTA_TUPLE_ORIG);
nest2 = mnl_attr_nest_start(nlh, CTA_TUPLE_IP);
mnl_attr_put_u32(nlh, CTA_IP_V4_SRC, inet_addr("1.1.1.1"));
mnl_attr_put_u32(nlh, CTA_IP_V4_DST, inet_addr("2.2.2.2"));
mnl_attr_nest_end(nlh, nest2);
nest2 = mnl_attr_nest_start(nlh, CTA_TUPLE_PROTO);
mnl_attr_put_u8(nlh, CTA_PROTO_NUM, IPPROTO_TCP);
mnl_attr_put_u16(nlh, CTA_PROTO_SRC_PORT, htons(i));
mnl_attr_put_u16(nlh, CTA_PROTO_DST_PORT, htons(1025));
mnl_attr_nest_end(nlh, nest2);
mnl_attr_nest_end(nlh, nest1);
nest1 = mnl_attr_nest_start(nlh, CTA_TUPLE_REPLY);
nest2 = mnl_attr_nest_start(nlh, CTA_TUPLE_IP);
mnl_attr_put_u32(nlh, CTA_IP_V4_SRC, inet_addr("2.2.2.2"));
mnl_attr_put_u32(nlh, CTA_IP_V4_DST, inet_addr("1.1.1.1"));
mnl_attr_nest_end(nlh, nest2);
nest2 = mnl_attr_nest_start(nlh, CTA_TUPLE_PROTO);
mnl_attr_put_u8(nlh, CTA_PROTO_NUM, IPPROTO_TCP);
mnl_attr_put_u16(nlh, CTA_PROTO_SRC_PORT, htons(1025));
mnl_attr_put_u16(nlh, CTA_PROTO_DST_PORT, htons(i));
mnl_attr_nest_end(nlh, nest2);
mnl_attr_nest_end(nlh, nest1);
nest1 = mnl_attr_nest_start(nlh, CTA_PROTOINFO);
nest2 = mnl_attr_nest_start(nlh, CTA_PROTOINFO_TCP);
mnl_attr_put_u8(nlh, CTA_PROTOINFO_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
mnl_attr_nest_end(nlh, nest2);
mnl_attr_nest_end(nlh, nest1);
mnl_attr_put_u32(nlh, CTA_STATUS, htonl(IPS_CONFIRMED));
mnl_attr_put_u32(nlh, CTA_TIMEOUT, htonl(1000));
}
static void
nft_rule_expr_log_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
struct nft_expr_log *log = nft_expr_data(e);
if (e->flags & (1 << NFT_EXPR_LOG_PREFIX))
mnl_attr_put_strz(nlh, NFTA_LOG_PREFIX, log->prefix);
if (e->flags & (1 << NFT_EXPR_LOG_GROUP))
mnl_attr_put_u16(nlh, NFTA_LOG_GROUP, htons(log->group));
if (e->flags & (1 << NFT_EXPR_LOG_SNAPLEN))
mnl_attr_put_u32(nlh, NFTA_LOG_SNAPLEN, htonl(log->snaplen));
if (e->flags & (1 << NFT_EXPR_LOG_QTHRESHOLD))
mnl_attr_put_u16(nlh, NFTA_LOG_QTHRESHOLD, htons(log->qthreshold));
if (e->flags & (1 << NFT_EXPR_LOG_LEVEL))
mnl_attr_put_u32(nlh, NFTA_LOG_LEVEL, htonl(log->level));
if (e->flags & (1 << NFT_EXPR_LOG_FLAGS))
mnl_attr_put_u32(nlh, NFTA_LOG_FLAGS, htonl(log->flags));
}
static int
nfct_build_protonat(struct nlmsghdr *nlh, const struct nf_conntrack *ct,
const struct __nfct_nat *nat)
{
struct nlattr *nest;
nest = mnl_attr_nest_start(nlh, CTA_NAT_PROTO);
switch (ct->head.orig.protonum) {
case IPPROTO_TCP:
case IPPROTO_UDP:
mnl_attr_put_u16(nlh, CTA_PROTONAT_PORT_MIN,
nat->l4min.tcp.port);
mnl_attr_put_u16(nlh, CTA_PROTONAT_PORT_MAX,
nat->l4max.tcp.port);
break;
}
mnl_attr_nest_end(nlh, nest);
return 0;
}
static int
nfct_build_tuple_proto(struct nlmsghdr *nlh, const struct __nfct_tuple *t)
{
struct nlattr *nest;
nest = mnl_attr_nest_start(nlh, CTA_TUPLE_PROTO);
if (nest == NULL)
return -1;
mnl_attr_put_u8(nlh, CTA_PROTO_NUM, t->protonum);
switch(t->protonum) {
case IPPROTO_UDP:
case IPPROTO_TCP:
case IPPROTO_SCTP:
case IPPROTO_DCCP:
case IPPROTO_GRE:
case IPPROTO_UDPLITE:
mnl_attr_put_u16(nlh, CTA_PROTO_SRC_PORT, t->l4src.tcp.port);
mnl_attr_put_u16(nlh, CTA_PROTO_DST_PORT, t->l4dst.tcp.port);
break;
case IPPROTO_ICMP:
mnl_attr_put_u8(nlh, CTA_PROTO_ICMP_CODE, t->l4dst.icmp.code);
mnl_attr_put_u8(nlh, CTA_PROTO_ICMP_TYPE, t->l4dst.icmp.type);
mnl_attr_put_u16(nlh, CTA_PROTO_ICMP_ID, t->l4src.icmp.id);
break;
case IPPROTO_ICMPV6:
mnl_attr_put_u8(nlh, CTA_PROTO_ICMPV6_CODE, t->l4dst.icmp.code);
mnl_attr_put_u8(nlh, CTA_PROTO_ICMPV6_TYPE, t->l4dst.icmp.type);
mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id);
break;
default:
mnl_attr_nest_cancel(nlh, nest);
return -1;
}
mnl_attr_nest_end(nlh, nest);
return 0;
}
static int get_family(void)
{
int err;
int nl_family;
struct nlmsghdr *nlh;
struct genlmsghdr *genl;
char buf[MNL_SOCKET_BUFFER_SIZE];
nlh = mnl_nlmsg_put_header(buf);
nlh->nlmsg_type = GENL_ID_CTRL;
nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
genl = mnl_nlmsg_put_extra_header(nlh, sizeof(struct genlmsghdr));
genl->cmd = CTRL_CMD_GETFAMILY;
genl->version = 1;
mnl_attr_put_u16(nlh, CTRL_ATTR_FAMILY_ID, GENL_ID_CTRL);
mnl_attr_put_strz(nlh, CTRL_ATTR_FAMILY_NAME, TIPC_GENL_V2_NAME);
if ((err = msg_query(nlh, family_id_cb, &nl_family)))
return err;
return nl_family;
}
static int
nfct_build_zone(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
{
mnl_attr_put_u16(nlh, CTA_ZONE, htons(ct->zone));
return 0;
}
