/**
* nfexp_clone - clone a expectation object
* \param exp pointer to a valid expectation object
*
* On error, NULL is returned and errno is appropiately set. Otherwise,
* a valid pointer to the clone expect is returned.
*/
struct nf_expect *nfexp_clone(const struct nf_expect *exp)
{
struct nf_expect *clone;
assert(exp != NULL);
if ((clone = nfexp_new()) == NULL)
return NULL;
memcpy(clone, exp, sizeof(*exp));
return clone;
}
int main(void)
{
int ret;
struct nfct_handle *h;
struct nf_conntrack *expected;
struct nf_expect *exp;
expected = nfct_new();
if (!expected) {
perror("nfct_new");
exit(EXIT_FAILURE);
}
nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
nfct_set_attr_u16(expected, ATTR_PORT_SRC, 0);
nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241));
exp = nfexp_new();
if (!exp) {
perror("nfexp_new");
nfct_destroy(expected);
exit(EXIT_FAILURE);
}
nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
h = nfct_open(EXPECT, 0);
if (!h) {
perror("nfct_open");
nfct_destroy(expected);
return -1;
}
ret = nfexp_query(h, NFCT_Q_DESTROY, exp);
printf("TEST: delete expectation ");
if (ret == -1)
printf("(%d)(%s)\n", ret, strerror(errno));
else
printf("(OK)\n");
nfct_close(h);
nfct_destroy(expected);
ret == -1 ? exit(EXIT_FAILURE) : exit(EXIT_SUCCESS);
}
int __expect_callback(struct nlmsghdr *nlh, struct nfattr *nfa[], void *data)
{
int ret = NFNL_CB_STOP;
unsigned int type;
struct nf_expect *exp;
int len = nlh->nlmsg_len;
struct __data_container *container = data;
len -= NLMSG_LENGTH(sizeof(struct nfgenmsg));
if (len < 0)
return NFNL_CB_CONTINUE;
type = __parse_message_type(nlh);
if (!(type & container->type))
return NFNL_CB_CONTINUE;
exp = nfexp_new();
if (!exp)
return NFNL_CB_CONTINUE;
__parse_expect(nlh, (const struct nfattr **)nfa, exp);
if (container->h->expect_cb)
ret = container->h->expect_cb(type, exp, container->data);
else if (container->h->expect_cb2)
ret = container->h->expect_cb2(nlh, type, exp, container->data);
switch(ret) {
case NFCT_CB_FAILURE:
free(exp);
ret = NFNL_CB_FAILURE;
break;
case NFCT_CB_STOP:
free(exp);
ret = NFNL_CB_STOP;
break;
case NFCT_CB_CONTINUE:
free(exp);
ret = NFNL_CB_CONTINUE;
break;
case NFCT_CB_STOLEN:
ret = NFNL_CB_CONTINUE;
break;
}
return ret;
}
int main(void)
{
int ret, i;
struct nf_conntrack *ct, *ct2, *tmp;
struct nf_expect *exp, *tmp_exp;
char data[256];
const char *val;
int status;
struct nfct_bitmask *b, *b2;
srand(time(NULL));
/* initialize fake data for testing purposes */
for (i=0; i<sizeof(data); i++)
data[i] = 0x01;
ct = nfct_new();
if (!ct) {
perror("nfct_new");
return 0;
}
tmp = nfct_new();
if (!tmp) {
perror("nfct_new");
return 0;
}
printf("== test set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++)
nfct_set_attr(ct, i, data);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
b = nfct_bitmask_new(rand() & 0xffff);
assert(b);
b2 = nfct_bitmask_new(rand() & 0xffff);
assert(b2);
for (i=0; i<ATTR_MAX; i++) {
switch (i) {
case ATTR_CONNLABELS:
nfct_set_attr(ct, i, b);
break;
case ATTR_CONNLABELS_MASK:
nfct_set_attr(ct, i, b2);
break;
default:
nfct_set_attr(ct, i, data);
break;
}
}
printf("== test get API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++)
nfct_get_attr(ct, i);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== validate set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++) {
if (attr_is_readonly(i))
continue;
switch(i) {
/* These attributes require special handling */
case ATTR_HELPER_INFO:
nfct_set_attr_l(ct, i, data, sizeof(data));
break;
case ATTR_CONNLABELS:
case ATTR_CONNLABELS_MASK:
/* already set above */
break;
default:
data[0] = (uint8_t) i;
nfct_set_attr(ct, i, data);
}
val = nfct_get_attr(ct, i);
switch (i) {
case ATTR_CONNLABELS:
assert((void *) val == b);
continue;
case ATTR_CONNLABELS_MASK:
assert((void *) val == b2);
continue;
}
if (val[0] != data[0]) {
printf("ERROR: set/get operations don't match "
"for attribute %d (%x != %x)\n",
i, val[0], data[0]);
}
}
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== test copy API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++)
nfct_copy_attr(tmp, ct, i);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
ret = fork();
if (ret == 0) {
test_nfct_cmp_api(tmp, ct);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
exp = nfexp_new();
if (!exp) {
perror("nfexp_new");
return 0;
}
tmp_exp = nfexp_new();
if (!tmp_exp) {
perror("nfexp_new");
return 0;
}
printf("== test expect set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_EXP_MAX; i++)
nfexp_set_attr(exp, i, data);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
for (i=0; i<ATTR_EXP_MAX; i++)
nfexp_set_attr(exp, i, data);
printf("== test expect get API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_EXP_MAX; i++)
nfexp_get_attr(exp, i);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== validate expect set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_EXP_MAX; i++) {
data[0] = (uint8_t) i;
nfexp_set_attr(exp, i, data);
val = nfexp_get_attr(exp, i);
if (val[0] != data[0]) {
printf("ERROR: set/get operations don't match "
"for attribute %d (%x != %x)\n",
i, val[0], data[0]);
}
}
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
ret = fork();
if (ret == 0) {
test_nfexp_cmp_api(tmp_exp, exp);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
ct2 = nfct_new();
if (!ct2) {
perror("nfct_new");
return 0;
}
printf("== test set grp API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_GRP_MAX; i++)
nfct_set_attr_grp(ct2, i, data);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
for (i=0; i<ATTR_GRP_MAX; i++)
nfct_set_attr_grp(ct2, i, data);
printf("== test get grp API ==\n");
ret = fork();
if (ret == 0) {
char buf[32]; /* IPv6 group address is 16 bytes * 2 */
for (i=0; i<ATTR_GRP_MAX; i++)
nfct_get_attr_grp(ct2, i, buf);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== validate set grp API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_GRP_MAX; i++) {
char buf[32]; /* IPv6 group address is 16 bytes */
data[0] = (uint8_t) i;
nfct_set_attr_grp(ct2, i, data);
nfct_get_attr_grp(ct2, i, buf);
/* These attributes cannot be set, ignore them. */
switch(i) {
case ATTR_GRP_ORIG_COUNTERS:
case ATTR_GRP_REPL_COUNTERS:
case ATTR_GRP_ORIG_ADDR_SRC:
case ATTR_GRP_ORIG_ADDR_DST:
case ATTR_GRP_REPL_ADDR_SRC:
case ATTR_GRP_REPL_ADDR_DST:
continue;
}
if (buf[0] != data[0]) {
printf("ERROR: set/get operations don't match "
"for attribute %d (%x != %x)\n",
i, buf[0], data[0]);
}
}
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
nfct_destroy(ct2);
printf("== destroy cloned ct entry ==\n");
nfct_destroy(ct);
nfct_destroy(tmp);
nfexp_destroy(exp);
nfexp_destroy(tmp_exp);
printf("OK\n");
test_nfct_bitmask();
return EXIT_SUCCESS;
}
static int
rpc_helper_cb(struct pkt_buff *pkt, uint32_t protoff,
struct myct *myct, uint32_t ctinfo)
{
int dir = CTINFO2DIR(ctinfo);
unsigned int offset = protoff, datalen;
uint32_t *data, *port_ptr = NULL, xid;
uint16_t port;
uint8_t proto = nfct_get_attr_u8(myct->ct, ATTR_L4PROTO);
enum msg_type rm_dir;
struct rpc_info *rpc_info = myct->priv_data;
union nfct_attr_grp_addr addr, daddr;
struct nf_expect *exp = NULL;
int ret = NF_ACCEPT;
/* Until there's been traffic both ways, don't look into TCP packets. */
if (proto == IPPROTO_TCP
&& ctinfo != IP_CT_ESTABLISHED
&& ctinfo != IP_CT_ESTABLISHED_REPLY) {
pr_debug("TCP RPC: Conntrackinfo = %u\n", ctinfo);
return ret;
}
if (proto == IPPROTO_TCP) {
struct tcphdr *th =
(struct tcphdr *) (pktb_network_header(pkt) + protoff);
offset += th->doff * 4;
} else {
offset += sizeof(struct udphdr);
}
/* Skip broken headers */
if (offset % 4) {
pr_debug("RPC: broken header: offset %u%%4 != 0\n", offset);
return ret;
}
/* Take into Record Fragment header */
if (proto == IPPROTO_TCP)
offset += 4;
datalen = pktb_len(pkt);
data = (uint32_t *)(pktb_network_header(pkt) + offset);
/* rpc_msg {
* xid
* direction
* xdr_union {
* call_body
* reply_body
* }
* }
*/
/* Check minimal msg size: xid + direction */
if (datalen < OFFSET(offset, 2*4)) {
pr_debug("RPC: too short packet: %u < %u\n",
datalen, offset);
return ret;
}
xid = IXDR_GET_INT32(data);
rm_dir = IXDR_GET_INT32(data);
/* Check direction */
if (!((rm_dir == CALL && dir == MYCT_DIR_ORIG)
|| (rm_dir == REPLY && dir == MYCT_DIR_REPL))) {
pr_debug("RPC: rm_dir != dir %u != %u\n", rm_dir, dir);
goto out;
}
if (rm_dir == CALL) {
if (rpc_call(data, offset, datalen, rpc_info) < 0)
goto out;
rpc_info->xid = xid;
return ret;
} else {
/* Check XID */
if (xid != rpc_info->xid) {
pr_debug("RPC REPL: XID does not match: %u != %u\n",
xid, rpc_info->xid);
goto out;
}
if (rpc_reply(data, offset, datalen, rpc_info, &port_ptr) < 0)
goto out;
port = IXDR_GET_INT32(port_ptr);
port = htons(port);
/* We refer to the reverse direction ("!dir") tuples here,
* because we're expecting something in the other direction.
* Doesn't matter unless NAT is happening. */
cthelper_get_addr_dst(myct->ct, !dir, &daddr);
cthelper_get_addr_src(myct->ct, !dir, &addr);
exp = nfexp_new();
if (exp == NULL)
goto out;
if (cthelper_expect_init(exp, myct->ct, 0, &addr, &daddr,
rpc_info->pm_prot,
NULL, &port, NF_CT_EXPECT_PERMANENT)) {
pr_debug("RPC: failed to init expectation\n");
goto out_exp;
}
/* Now, NAT might want to mangle the packet, and register the
* (possibly changed) expectation itself. */
if (nfct_get_attr_u32(myct->ct, ATTR_STATUS) & IPS_NAT_MASK) {
ret = nf_nat_rpc(pkt, dir, exp, rpc_info->pm_prot,
port_ptr);
goto out_exp;
}
/* Can't expect this? Best to drop packet now. */
if (cthelper_add_expect(exp) < 0) {
pr_debug("RPC: cannot add expectation: %s\n",
strerror(errno));
ret = NF_DROP;
}
}
out_exp:
nfexp_destroy(exp);
out:
rpc_info->xid = 0;
return ret;
}
int main(void)
{
int ret, i;
struct nf_conntrack *ct, *ct2, *tmp;
struct nf_expect *exp, *tmp_exp;
char data[256];
const char *val;
int status;
/* initialize fake data for testing purposes */
for (i=0; i<sizeof(data); i++)
data[i] = 0x01;
ct = nfct_new();
if (!ct) {
perror("nfct_new");
return 0;
}
tmp = nfct_new();
if (!tmp) {
perror("nfct_new");
return 0;
}
printf("== test set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++)
nfct_set_attr(ct, i, data);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
for (i=0; i<ATTR_MAX; i++)
nfct_set_attr(ct, i, data);
printf("== test get API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++)
nfct_get_attr(ct, i);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== validate set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++) {
/* These attributes cannot be set, ignore them. */
switch(i) {
case ATTR_ORIG_COUNTER_PACKETS:
case ATTR_REPL_COUNTER_PACKETS:
case ATTR_ORIG_COUNTER_BYTES:
case ATTR_REPL_COUNTER_BYTES:
case ATTR_USE:
case ATTR_SECCTX:
case ATTR_TIMESTAMP_START:
case ATTR_TIMESTAMP_STOP:
continue;
/* These attributes require special handling */
case ATTR_HELPER_INFO:
nfct_set_attr_l(ct, i, data, sizeof(data));
break;
default:
data[0] = (uint8_t) i;
nfct_set_attr(ct, i, data);
}
val = nfct_get_attr(ct, i);
if (val[0] != data[0]) {
printf("ERROR: set/get operations don't match "
"for attribute %d (%x != %x)\n",
i, val[0], data[0]);
}
}
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== test copy API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_MAX; i++)
nfct_copy_attr(tmp, ct, i);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== test cmp API ==\n");
ret = fork();
if (ret == 0) {
nfct_cmp(tmp, ct, NFCT_CMP_ALL);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
exp = nfexp_new();
if (!exp) {
perror("nfexp_new");
return 0;
}
tmp_exp = nfexp_new();
if (!tmp_exp) {
perror("nfexp_new");
return 0;
}
printf("== test expect set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_EXP_MAX; i++)
nfexp_set_attr(exp, i, data);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
for (i=0; i<ATTR_EXP_MAX; i++)
nfexp_set_attr(exp, i, data);
printf("== test expect get API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_EXP_MAX; i++)
nfexp_get_attr(exp, i);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== validate expect set API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_EXP_MAX; i++) {
data[0] = (uint8_t) i;
nfexp_set_attr(exp, i, data);
val = nfexp_get_attr(exp, i);
if (val[0] != data[0]) {
printf("ERROR: set/get operations don't match "
"for attribute %d (%x != %x)\n",
i, val[0], data[0]);
}
}
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
/* XXX: missing nfexp_copy API. */
memcpy(tmp_exp, exp, nfexp_maxsize());
printf("== test expect cmp API ==\n");
ret = fork();
if (ret == 0) {
nfexp_cmp(tmp_exp, exp, 0);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
ct2 = nfct_clone(ct);
assert(ct2);
assert(nfct_cmp(ct, ct2, NFCT_CMP_ALL) == 1);
nfct_destroy(ct2);
ct2 = nfct_new();
if (!ct2) {
perror("nfct_new");
return 0;
}
printf("== test set grp API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_GRP_MAX; i++)
nfct_set_attr_grp(ct2, i, data);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
for (i=0; i<ATTR_GRP_MAX; i++)
nfct_set_attr_grp(ct2, i, data);
printf("== test get grp API ==\n");
ret = fork();
if (ret == 0) {
char buf[32]; /* IPv6 group address is 16 bytes * 2 */
for (i=0; i<ATTR_GRP_MAX; i++)
nfct_get_attr_grp(ct2, i, buf);
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
printf("== validate set grp API ==\n");
ret = fork();
if (ret == 0) {
for (i=0; i<ATTR_GRP_MAX; i++) {
char buf[32]; /* IPv6 group address is 16 bytes */
data[0] = (uint8_t) i;
nfct_set_attr_grp(ct2, i, data);
nfct_get_attr_grp(ct2, i, buf);
/* These attributes cannot be set, ignore them. */
switch(i) {
case ATTR_GRP_ORIG_COUNTERS:
case ATTR_GRP_REPL_COUNTERS:
case ATTR_GRP_ORIG_ADDR_SRC:
case ATTR_GRP_ORIG_ADDR_DST:
case ATTR_GRP_REPL_ADDR_SRC:
case ATTR_GRP_REPL_ADDR_DST:
continue;
}
if (buf[0] != data[0]) {
printf("ERROR: set/get operations don't match "
"for attribute %d (%x != %x)\n",
i, buf[0], data[0]);
}
}
exit(0);
} else {
wait(&status);
eval_sigterm(status);
}
nfct_destroy(ct2);
printf("== destroy cloned ct entry ==\n");
nfct_destroy(ct);
nfct_destroy(tmp);
nfexp_destroy(exp);
nfexp_destroy(tmp_exp);
printf("OK\n");
return EXIT_SUCCESS;
}
int main(void)
{
int ret;
struct nfct_handle *h;
struct nf_conntrack *master, *expected, *mask, *nat;
struct nf_expect *exp;
/*
* Step 1: Setup master conntrack
*/
master = nfct_new();
if (!master) {
perror("nfct_new");
exit(EXIT_FAILURE);
}
nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(1025));
nfct_set_attr_u16(master, ATTR_PORT_DST, htons(21));
nfct_setobjopt(master, NFCT_SOPT_SETUP_REPLY);
nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_ESTABLISHED);
nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
nfct_set_attr(master, ATTR_HELPER_NAME, "ftp");
h = nfct_open(CONNTRACK, 0);
if (!h) {
perror("nfct_open");
nfct_destroy(master);
return -1;
}
ret = nfct_query(h, NFCT_Q_CREATE, master);
printf("TEST: add master conntrack ");
if (ret == -1)
printf("(%d)(%s)\n", ret, strerror(errno));
else
printf("(OK)\n");
nfct_close(h);
expected = nfct_new();
if (!expected) {
perror("nfct_new");
exit(EXIT_FAILURE);
}
nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("1.1.1.1"));
nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("2.2.2.2"));
nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
nfct_set_attr_u16(expected, ATTR_PORT_SRC, 0);
nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241));
mask = nfct_new();
if (!mask) {
perror("nfct_new");
nfct_destroy(master);
nfct_destroy(expected);
exit(EXIT_FAILURE);
}
nfct_set_attr_u8(mask, ATTR_L3PROTO, AF_INET);
nfct_set_attr_u32(mask, ATTR_IPV4_SRC, 0xffffffff);
nfct_set_attr_u32(mask, ATTR_IPV4_DST, 0xffffffff);
nfct_set_attr_u8(mask, ATTR_L4PROTO, IPPROTO_TCP);
nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0x0000);
nfct_set_attr_u16(mask, ATTR_PORT_DST, 0xffff);
nat = nfct_new();
if (!nat) {
perror("nfct_new");
nfct_destroy(mask);
nfct_destroy(master);
nfct_destroy(expected);
exit(EXIT_FAILURE);
}
nfct_set_attr_u8(nat, ATTR_L3PROTO, AF_INET);
nfct_set_attr_u32(nat, ATTR_IPV4_SRC, inet_addr("3.3.3.3"));
nfct_set_attr_u32(nat, ATTR_IPV4_DST, 0);
nfct_set_attr_u8(nat, ATTR_L4PROTO, IPPROTO_TCP);
nfct_set_attr_u16(nat, ATTR_PORT_SRC, 12345);
nfct_set_attr_u16(nat, ATTR_PORT_DST, 0);
/*
* Step 2: Setup expectation
*/
exp = nfexp_new();
if (!exp) {
perror("nfexp_new");
nfct_destroy(master);
nfct_destroy(expected);
nfct_destroy(mask);
exit(EXIT_FAILURE);
}
nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
nfexp_set_attr(exp, ATTR_EXP_MASK, mask);
nfexp_set_attr(exp, ATTR_EXP_NAT_TUPLE, nat);
nfexp_set_attr_u32(exp, ATTR_EXP_NAT_DIR, 0);
nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200);
nfct_destroy(master);
nfct_destroy(expected);
nfct_destroy(mask);
nfct_destroy(nat);
h = nfct_open(EXPECT, 0);
if (!h) {
perror("nfct_open");
return -1;
}
ret = nfexp_query(h, NFCT_Q_CREATE, exp);
printf("TEST: create expectation ");
if (ret == -1)
printf("(%d)(%s)\n", ret, strerror(errno));
else
printf("(OK)\n");
nfct_close(h);
ret == -1 ? exit(EXIT_FAILURE) : exit(EXIT_SUCCESS);
}