Exemplo n.º 1
/*
 * Print the address/port tuples of a conntrack entry.
 *
 * Index 0 is the original direction, index 1 the reply direction. When the
 * reply tuple is the exact mirror of the original one (addresses and ports
 * swapped), a single line with a "<->" arrow is printed; otherwise both
 * tuples are printed, the reply one after a "<-" arrow.
 */
static void ct_dump_tuples(struct nfnl_ct *ct, struct nl_dump_params *p)
{
	struct nl_addr *src[2], *dst[2];
	int sport[2] = { 0, 0 };
	int dport[2] = { 0, 0 };
	int mirrored;
	int dir;

	for (dir = 0; dir < 2; dir++) {
		src[dir] = nfnl_ct_get_src(ct, dir);
		dst[dir] = nfnl_ct_get_dst(ct, dir);
	}

	/* A port that is not set on the object stays 0. */
	for (dir = 0; dir < 2; dir++) {
		if (nfnl_ct_test_src_port(ct, dir))
			sport[dir] = nfnl_ct_get_src_port(ct, dir);

		if (nfnl_ct_test_dst_port(ct, dir))
			dport[dir] = nfnl_ct_get_dst_port(ct, dir);
	}

	/*
	 * The addresses are compared only once all four are known to be
	 * present, so nl_addr_cmp() never receives a NULL pointer here.
	 */
	mirrored = src[0] && dst[0] && src[1] && dst[1] &&
		   sport[0] == dport[1] && dport[0] == sport[1] &&
		   !nl_addr_cmp(src[0], dst[1]) &&
		   !nl_addr_cmp(dst[0], src[1]);

	dump_addr(p, src[0], sport[0]);
	if (mirrored)
		nl_dump(p, "<-> ");
	else
		nl_dump(p, "-> ");
	dump_addr(p, dst[0], dport[0]);
	dump_icmp(p, ct, 0);

	if (mirrored)
		return;

	dump_addr(p, src[1], sport[1]);
	nl_dump(p, "<- ");
	dump_addr(p, dst[1], dport[1]);
	dump_icmp(p, ct, 1);
}
Exemplo n.º 2
Arquivo: ct.c Projeto: Domikk/libnl
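/*
 * Build a ctnetlink message for a conntrack object.
 *
 * @param ct      conntrack object supplying the attributes
 * @param cmd     message type passed to nfnlmsg_alloc_simple()
 * @param flags   netlink message flags passed to nfnlmsg_alloc_simple()
 * @param result  receives the new message on success; left untouched on error
 *
 * @return 0 on success, in which case the caller owns *result. On failure a
 *         negative NLE_* code is returned and the partly built message has
 *         already been freed.
 */
static int nfnl_ct_build_message(const struct nfnl_ct *ct, int cmd, int flags,
				 struct nl_msg **result)
{
	struct nl_msg *msg;
	int err;

	msg = nfnlmsg_alloc_simple(NFNL_SUBSYS_CTNETLINK, cmd, flags,
				   nfnl_ct_get_family(ct), 0);
	if (msg == NULL)
		return -NLE_NOMEM;

	if ((err = nfnl_ct_build_tuple(msg, ct, 0)) < 0)
		goto err_out;

	/* REPLY tuple is optional, don't add it unless both src and dst are set */
	if (nfnl_ct_get_src(ct, 1) && nfnl_ct_get_dst(ct, 1)) {
		if ((err = nfnl_ct_build_tuple(msg, ct, 1)) < 0)
			goto err_out;
	}

	if (nfnl_ct_test_status(ct))
		NLA_PUT_U32(msg, CTA_STATUS, htonl(nfnl_ct_get_status(ct)));

	if (nfnl_ct_test_timeout(ct))
		NLA_PUT_U32(msg, CTA_TIMEOUT, htonl(nfnl_ct_get_timeout(ct)));

	if (nfnl_ct_test_mark(ct))
		NLA_PUT_U32(msg, CTA_MARK, htonl(nfnl_ct_get_mark(ct)));

	if (nfnl_ct_test_id(ct))
		NLA_PUT_U32(msg, CTA_ID, htonl(nfnl_ct_get_id(ct)));

	if (nfnl_ct_test_zone(ct))
		NLA_PUT_U16(msg, CTA_ZONE, htons(nfnl_ct_get_zone(ct)));

	*result = msg;
	return 0;

nla_put_failure:
	/*
	 * The NLA_PUT_* macros jump here when an attribute does not fit. By
	 * then err holds the non-negative result of the last successful
	 * tuple build, so without this assignment the function would free
	 * the message and still report success, leaving the caller to use
	 * an unset *result.
	 */
	err = -NLE_MSGSIZE;
err_out:
	nlmsg_free(msg);
	return err;
}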
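/*
 * Cache change callback: print a one-line dump of a conntrack object when
 * its reply-direction source or destination equals a fixed IPv4 address.
 *
 * @param cache   cache the change was reported for (unused)
 * @param obj     changed object, treated as a struct nfnl_ct
 * @param action  kind of change (unused)
 */
static void change_cb(struct nl_cache *cache, struct nl_object *obj,
		      int action)
{
	struct nfnl_ct *ct = (struct nfnl_ct *) obj;
	/* Parsed once and kept for the lifetime of the process. */
	static struct nl_addr *hack = NULL;
	struct nl_addr *reply_src, *reply_dst;

	if (!hack)
		hack = nl_addr_parse("194.88.212.233", AF_INET);

	/* Parsing can fail; never hand a NULL filter address to nl_addr_cmp(). */
	if (!hack)
		return;

	/*
	 * The reply tuple is optional on a conntrack object, so either getter
	 * may return NULL. Compare only addresses that are present instead of
	 * relying on nl_addr_cmp() to tolerate NULL.
	 */
	reply_src = nfnl_ct_get_src(ct, 1);
	reply_dst = nfnl_ct_get_dst(ct, 1);

	if ((reply_src && !nl_addr_cmp(hack, reply_src)) ||
	    (reply_dst && !nl_addr_cmp(hack, reply_dst))) {
		struct nl_dump_params dp = {
			.dp_type = NL_DUMP_LINE,
			.dp_fd = stdout,
		};

		printf("UPDATE ");
		nl_object_dump(obj, &dp);
	}
}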
Exemplo n.º 4
/*
 * Append one conntrack tuple to a netlink message as a nested attribute.
 *
 * @param msg   message being built
 * @param ct    conntrack object supplying the tuple fields
 * @param repl  non-zero for the reply tuple, zero for the original tuple
 *
 * @return 0 on success, -NLE_MSGSIZE when a nest cannot be opened or an
 *         attribute cannot be added. Nests opened before the failure are
 *         not closed here.
 */
static int nfnl_ct_build_tuple(struct nl_msg *msg, const struct nfnl_ct *ct,
			       int repl)
{
	const int family = nfnl_ct_get_family(ct);
	const int is_v4 = (family == AF_INET);
	struct nlattr *tuple_nest, *ip_nest, *proto_nest;
	struct nl_addr *src, *dst;

	tuple_nest = nla_nest_start(msg,
				    repl ? CTA_TUPLE_REPLY : CTA_TUPLE_ORIG);
	if (tuple_nest == NULL)
		goto nla_put_failure;

	/* Address part: any family other than AF_INET uses the IPv6 attributes. */
	ip_nest = nla_nest_start(msg, CTA_TUPLE_IP);
	if (ip_nest == NULL)
		goto nla_put_failure;

	src = nfnl_ct_get_src(ct, repl);
	if (src != NULL) {
		NLA_PUT_ADDR(msg, is_v4 ? CTA_IP_V4_SRC : CTA_IP_V6_SRC, src);
	}

	dst = nfnl_ct_get_dst(ct, repl);
	if (dst != NULL) {
		NLA_PUT_ADDR(msg, is_v4 ? CTA_IP_V4_DST : CTA_IP_V6_DST, dst);
	}

	nla_nest_end(msg, ip_nest);

	/* Protocol part: number, ports, then the ICMP fields. */
	proto_nest = nla_nest_start(msg, CTA_TUPLE_PROTO);
	if (proto_nest == NULL)
		goto nla_put_failure;

	if (nfnl_ct_test_proto(ct)) {
		NLA_PUT_U8(msg, CTA_PROTO_NUM, nfnl_ct_get_proto(ct));
	}

	if (nfnl_ct_test_src_port(ct, repl)) {
		NLA_PUT_U16(msg, CTA_PROTO_SRC_PORT,
			    htons(nfnl_ct_get_src_port(ct, repl)));
	}

	if (nfnl_ct_test_dst_port(ct, repl)) {
		NLA_PUT_U16(msg, CTA_PROTO_DST_PORT,
			    htons(nfnl_ct_get_dst_port(ct, repl)));
	}

	/* ICMP fields are emitted for IPv4 and IPv6 only, with per-family ids. */
	if (is_v4 || family == AF_INET6) {
		if (nfnl_ct_test_icmp_id(ct, repl)) {
			NLA_PUT_U16(msg,
				    is_v4 ? CTA_PROTO_ICMP_ID
					  : CTA_PROTO_ICMPV6_ID,
				    htons(nfnl_ct_get_icmp_id(ct, repl)));
		}

		if (nfnl_ct_test_icmp_type(ct, repl)) {
			NLA_PUT_U8(msg,
				   is_v4 ? CTA_PROTO_ICMP_TYPE
					 : CTA_PROTO_ICMPV6_TYPE,
				   nfnl_ct_get_icmp_type(ct, repl));
		}

		if (nfnl_ct_test_icmp_code(ct, repl)) {
			NLA_PUT_U8(msg,
				   is_v4 ? CTA_PROTO_ICMP_CODE
					 : CTA_PROTO_ICMPV6_CODE,
				   nfnl_ct_get_icmp_code(ct, repl));
		}
	}

	nla_nest_end(msg, proto_nest);
	nla_nest_end(msg, tuple_nest);
	return 0;

nla_put_failure:
	return -NLE_MSGSIZE;
}