/*
 * Append the queue expression's attributes to the netlink message.
 *
 * An attribute is emitted only when its bit is set in e->flags, so fields
 * the user never set are left out of the message. Each 16-bit value is
 * converted with htons() before it is appended.
 *
 * NOTE(review): mnl_attr_put_u16() is called without any buffer length, so
 * nothing in this function bounds the write. The caller must guarantee that
 * the buffer behind nlh has room for three more attributes; libmnl's
 * *_check variants take the buffer size if that guarantee cannot be made.
 */
static void nftnl_expr_queue_build(struct nlmsghdr *nlh, struct nftnl_expr *e)
{
	struct nftnl_expr_queue *q = nftnl_expr_data(e);

	if (e->flags & (1 << NFTNL_EXPR_QUEUE_NUM)) {
		mnl_attr_put_u16(nlh, NFTA_QUEUE_NUM, htons(q->queuenum));
	}

	if (e->flags & (1 << NFTNL_EXPR_QUEUE_TOTAL)) {
		mnl_attr_put_u16(nlh, NFTA_QUEUE_TOTAL, htons(q->queues_total));
	}

	if (e->flags & (1 << NFTNL_EXPR_QUEUE_FLAGS)) {
		mnl_attr_put_u16(nlh, NFTA_QUEUE_FLAGS, htons(q->flags));
	}
}
/*
 * Fill buf with one ctnetlink IPCTNL_MSG_CT_NEW request.
 *
 * The entry is a fixed AF_INET TCP flow 1.1.1.1:i -> 2.2.2.2:1025 whose
 * reply tuple is the exact mirror, in TCP state SYN_SENT, marked
 * IPS_CONFIRMED, with timeout 1000. Only the port i and the sequence
 * number vary between calls.
 *
 * @buf: caller-supplied message buffer
 * @i:   port used as original source / reply destination (host order)
 * @seq: value stored in nlmsg_seq
 *
 * NOTE(review): buf arrives without a length and every mnl_attr_put_*()
 * call here is the unchecked variant, so the caller alone is responsible
 * for buf being large enough for the whole message.
 */
static void put_msg(char *buf, uint16_t i, int seq)
{
	struct nlmsghdr *nlh = mnl_nlmsg_put_header(buf);
	struct nfgenmsg *nfh;
	struct nlattr *outer, *inner;

	/* CREATE|EXCL requests a new entry; ACK asks for a reply either way. */
	nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | IPCTNL_MSG_CT_NEW;
	nlh->nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL|NLM_F_ACK;
	nlh->nlmsg_seq = seq;

	nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg));
	nfh->nfgen_family = AF_INET;
	nfh->version = NFNETLINK_V0;
	nfh->res_id = 0;

	/* Original direction: 1.1.1.1:i -> 2.2.2.2:1025 */
	outer = mnl_attr_nest_start(nlh, CTA_TUPLE_ORIG);

	inner = mnl_attr_nest_start(nlh, CTA_TUPLE_IP);
	mnl_attr_put_u32(nlh, CTA_IP_V4_SRC, inet_addr("1.1.1.1"));
	mnl_attr_put_u32(nlh, CTA_IP_V4_DST, inet_addr("2.2.2.2"));
	mnl_attr_nest_end(nlh, inner);

	inner = mnl_attr_nest_start(nlh, CTA_TUPLE_PROTO);
	mnl_attr_put_u8(nlh, CTA_PROTO_NUM, IPPROTO_TCP);
	mnl_attr_put_u16(nlh, CTA_PROTO_SRC_PORT, htons(i));
	mnl_attr_put_u16(nlh, CTA_PROTO_DST_PORT, htons(1025));
	mnl_attr_nest_end(nlh, inner);

	mnl_attr_nest_end(nlh, outer);

	/* Reply direction: addresses and ports swapped. */
	outer = mnl_attr_nest_start(nlh, CTA_TUPLE_REPLY);

	inner = mnl_attr_nest_start(nlh, CTA_TUPLE_IP);
	mnl_attr_put_u32(nlh, CTA_IP_V4_SRC, inet_addr("2.2.2.2"));
	mnl_attr_put_u32(nlh, CTA_IP_V4_DST, inet_addr("1.1.1.1"));
	mnl_attr_nest_end(nlh, inner);

	inner = mnl_attr_nest_start(nlh, CTA_TUPLE_PROTO);
	mnl_attr_put_u8(nlh, CTA_PROTO_NUM, IPPROTO_TCP);
	mnl_attr_put_u16(nlh, CTA_PROTO_SRC_PORT, htons(1025));
	mnl_attr_put_u16(nlh, CTA_PROTO_DST_PORT, htons(i));
	mnl_attr_nest_end(nlh, inner);

	mnl_attr_nest_end(nlh, outer);

	/* Protocol-specific state: TCP, SYN_SENT. */
	outer = mnl_attr_nest_start(nlh, CTA_PROTOINFO);
	inner = mnl_attr_nest_start(nlh, CTA_PROTOINFO_TCP);
	mnl_attr_put_u8(nlh, CTA_PROTOINFO_TCP_STATE, TCP_CONNTRACK_SYN_SENT);
	mnl_attr_nest_end(nlh, inner);
	mnl_attr_nest_end(nlh, outer);

	mnl_attr_put_u32(nlh, CTA_STATUS, htonl(IPS_CONFIRMED));
	mnl_attr_put_u32(nlh, CTA_TIMEOUT, htonl(1000));
}
/*
 * Append the log expression's attributes to the netlink message.
 *
 * Each field is emitted only when its bit is set in e->flags. 16-bit
 * fields go through htons() and 32-bit fields through htonl(); the prefix
 * is appended as a NUL-terminated string.
 *
 * NOTE(review): mnl_attr_put_strz() is handed log->prefix with no length,
 * so the prefix must be a valid NUL-terminated string and the attribute's
 * size is whatever that string's length is. None of the put calls receive
 * the buffer size either; the caller has to guarantee room in the buffer
 * behind nlh. Confirm where the prefix length is bounded when it is set.
 */
static void nft_rule_expr_log_build(struct nlmsghdr *nlh, struct nft_rule_expr *e)
{
	struct nft_expr_log *l = nft_expr_data(e);

	if (e->flags & (1 << NFT_EXPR_LOG_PREFIX)) {
		mnl_attr_put_strz(nlh, NFTA_LOG_PREFIX, l->prefix);
	}

	if (e->flags & (1 << NFT_EXPR_LOG_GROUP)) {
		mnl_attr_put_u16(nlh, NFTA_LOG_GROUP, htons(l->group));
	}

	if (e->flags & (1 << NFT_EXPR_LOG_SNAPLEN)) {
		mnl_attr_put_u32(nlh, NFTA_LOG_SNAPLEN, htonl(l->snaplen));
	}

	if (e->flags & (1 << NFT_EXPR_LOG_QTHRESHOLD)) {
		mnl_attr_put_u16(nlh, NFTA_LOG_QTHRESHOLD, htons(l->qthreshold));
	}

	if (e->flags & (1 << NFT_EXPR_LOG_LEVEL)) {
		mnl_attr_put_u32(nlh, NFTA_LOG_LEVEL, htonl(l->level));
	}

	if (e->flags & (1 << NFT_EXPR_LOG_FLAGS)) {
		mnl_attr_put_u32(nlh, NFTA_LOG_FLAGS, htonl(l->flags));
	}
}
/*
 * Emit the CTA_NAT_PROTO nest holding the NAT port range.
 *
 * The min/max ports are written only when the original-direction protocol
 * of ct is TCP or UDP. For any other protocol the nest is still opened and
 * closed, so an empty CTA_NAT_PROTO attribute ends up in the message.
 *
 * The ports are copied as stored, with no byte-order conversion here;
 * presumably nat->l4min / nat->l4max already hold network byte order.
 * TODO confirm against the code that fills struct __nfct_nat.
 *
 * NOTE(review): the result of mnl_attr_nest_start() is used without a
 * check, and the put calls carry no buffer length.
 *
 * Returns 0 in all cases.
 */
static int nfct_build_protonat(struct nlmsghdr *nlh,
			       const struct nf_conntrack *ct,
			       const struct __nfct_nat *nat)
{
	struct nlattr *nat_nest = mnl_attr_nest_start(nlh, CTA_NAT_PROTO);

	if (ct->head.orig.protonum == IPPROTO_TCP ||
	    ct->head.orig.protonum == IPPROTO_UDP) {
		/* The tcp member is read for UDP as well, as in the port fields. */
		mnl_attr_put_u16(nlh, CTA_PROTONAT_PORT_MIN, nat->l4min.tcp.port);
		mnl_attr_put_u16(nlh, CTA_PROTONAT_PORT_MAX, nat->l4max.tcp.port);
	}

	mnl_attr_nest_end(nlh, nat_nest);
	return 0;
}
/*
 * Emit the CTA_TUPLE_PROTO nest for one conntrack tuple.
 *
 * The protocol number is always written first. The layer-4 fields that
 * follow depend on it:
 *   - UDP, TCP, SCTP, DCCP, GRE, UDPLITE: source and destination port,
 *     both read through the tcp member of the l4 unions;
 *   - ICMP / ICMPv6: code and type from t->l4dst, id from t->l4src.
 * Any other protocol is rejected: the nest is cancelled so no partial
 * attribute is left in the message.
 *
 * Ports and the ICMP id are copied as stored, with no byte-order
 * conversion in this function; presumably the tuple already holds network
 * byte order. TODO confirm against the setters.
 *
 * Returns 0 on success, -1 if the nest could not be started or the
 * protocol is not handled.
 */
static int nfct_build_tuple_proto(struct nlmsghdr *nlh,
				  const struct __nfct_tuple *t)
{
	struct nlattr *proto_nest = mnl_attr_nest_start(nlh, CTA_TUPLE_PROTO);

	if (!proto_nest) {
		return -1;
	}

	mnl_attr_put_u8(nlh, CTA_PROTO_NUM, t->protonum);

	switch (t->protonum) {
	case IPPROTO_UDP:
	case IPPROTO_TCP:
	case IPPROTO_SCTP:
	case IPPROTO_DCCP:
	case IPPROTO_GRE:
	case IPPROTO_UDPLITE:
		mnl_attr_put_u16(nlh, CTA_PROTO_SRC_PORT, t->l4src.tcp.port);
		mnl_attr_put_u16(nlh, CTA_PROTO_DST_PORT, t->l4dst.tcp.port);
		break;

	case IPPROTO_ICMP:
		mnl_attr_put_u8(nlh, CTA_PROTO_ICMP_CODE, t->l4dst.icmp.code);
		mnl_attr_put_u8(nlh, CTA_PROTO_ICMP_TYPE, t->l4dst.icmp.type);
		mnl_attr_put_u16(nlh, CTA_PROTO_ICMP_ID, t->l4src.icmp.id);
		break;

	case IPPROTO_ICMPV6:
		mnl_attr_put_u8(nlh, CTA_PROTO_ICMPV6_CODE, t->l4dst.icmp.code);
		mnl_attr_put_u8(nlh, CTA_PROTO_ICMPV6_TYPE, t->l4dst.icmp.type);
		mnl_attr_put_u16(nlh, CTA_PROTO_ICMPV6_ID, t->l4src.icmp.id);
		break;

	default:
		/* Unknown protocol: roll back the nest, CTA_PROTO_NUM included. */
		mnl_attr_nest_cancel(nlh, proto_nest);
		return -1;
	}

	mnl_attr_nest_end(nlh, proto_nest);
	return 0;
}
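/*
 * Ask the generic netlink controller for the id of the TIPC family.
 *
 * Builds a CTRL_CMD_GETFAMILY request addressed to GENL_ID_CTRL, naming
 * the family TIPC_GENL_V2_NAME, and hands it to msg_query() with
 * family_id_cb as the reply callback.
 *
 * Returns the non-zero result of msg_query() when the query fails,
 * otherwise the value left in nl_family.
 *
 * nl_family starts at 0: family_id_cb is expected to store the id through
 * the pointer it receives, but it is not visible from here, and if the
 * query reports success without the callback storing anything the function
 * would otherwise return an indeterminate value that the caller may then
 * use as a netlink message type. NOTE(review): confirm that callers treat
 * a 0 result as "family not resolved".
 */
static int get_family(void)
{
	int err;
	int nl_family = 0;
	struct nlmsghdr *nlh;
	struct genlmsghdr *genl;
	char buf[MNL_SOCKET_BUFFER_SIZE];

	nlh = mnl_nlmsg_put_header(buf);
	nlh->nlmsg_type = GENL_ID_CTRL;
	nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;

	genl = mnl_nlmsg_put_extra_header(nlh, sizeof(struct genlmsghdr));
	genl->cmd = CTRL_CMD_GETFAMILY;
	genl->version = 1;

	mnl_attr_put_u16(nlh, CTRL_ATTR_FAMILY_ID, GENL_ID_CTRL);
	mnl_attr_put_strz(nlh, CTRL_ATTR_FAMILY_NAME, TIPC_GENL_V2_NAME);

	err = msg_query(nlh, family_id_cb, &nl_family);
	if (err)
		return err;

	return nl_family;
}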
/*
 * Append the conntrack zone of ct as a CTA_ZONE attribute.
 *
 * The zone is converted with htons() before it is written.
 * Returns 0 in all cases.
 *
 * NOTE(review): mnl_attr_put_u16() receives no buffer length; the caller
 * is responsible for the buffer behind nlh having room for the attribute.
 */
static int nfct_build_zone(struct nlmsghdr *nlh, const struct nf_conntrack *ct)
{
	const uint16_t zone_be = htons(ct->zone);

	mnl_attr_put_u16(nlh, CTA_ZONE, zone_be);

	return 0;
}