[netfilter-cvslog] r6821 - in trunk/libnetfilter_conntrack: include/libnetfilter_conntrack src/expect utils

pablo at netfilter.org pablo at netfilter.org
Sun May 6 19:39:00 CEST 2007


Author: pablo at netfilter.org
Date: 2007-05-06 19:39:00 +0200 (Sun, 06 May 2007)
New Revision: 6821

Added:
   trunk/libnetfilter_conntrack/utils/expect_create.c
   trunk/libnetfilter_conntrack/utils/expect_delete.c
   trunk/libnetfilter_conntrack/utils/expect_dump.c
   trunk/libnetfilter_conntrack/utils/expect_events.c
   trunk/libnetfilter_conntrack/utils/expect_flush.c
   trunk/libnetfilter_conntrack/utils/expect_get.c
Removed:
   trunk/libnetfilter_conntrack/utils/expect_api_test.c
Modified:
   trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
   trunk/libnetfilter_conntrack/src/expect/api.c
   trunk/libnetfilter_conntrack/src/expect/build.c
   trunk/libnetfilter_conntrack/utils/Makefile.am
   trunk/libnetfilter_conntrack/utils/ctnl_test.c
Log:
- add warning note to ctnl_test.c: old API is deprecated
- split expect_api_test.c into small example files expect_*.c
- introduce alias tags for original tuple attributes
- introduce nfexp_sizeof and nfexp_maxsize
- build expectation attributes only if they are set
- fix l3num setting in expect/build.c



Modified: trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h
===================================================================
--- trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2007-05-06 17:36:13 UTC (rev 6820)
+++ trunk/libnetfilter_conntrack/include/libnetfilter_conntrack/libnetfilter_conntrack.h	2007-05-06 17:39:00 UTC (rev 6821)
@@ -56,39 +56,47 @@
 
 /* conntrack attributes */
 enum nf_conntrack_attr {
-	ATTR_ORIG_IPV4_SRC = 0,		/* u32 bits */
-	ATTR_ORIG_IPV4_DST,		/* u32 bits */
-	ATTR_REPL_IPV4_SRC,		/* u32 bits */
-	ATTR_REPL_IPV4_DST,		/* u32 bits */
-	ATTR_ORIG_IPV6_SRC = 4,		/* u128 bits */
-	ATTR_ORIG_IPV6_DST,		/* u128 bits */
-	ATTR_REPL_IPV6_SRC,		/* u128 bits */
-	ATTR_REPL_IPV6_DST,		/* u128 bits */
-	ATTR_ORIG_PORT_SRC = 8,		/* u16 bits */
-	ATTR_ORIG_PORT_DST,		/* u16 bits */
-	ATTR_REPL_PORT_SRC,		/* u16 bits */
-	ATTR_REPL_PORT_DST,		/* u16 bits */
-	ATTR_ICMP_TYPE = 12,		/* u8 bits */
-	ATTR_ICMP_CODE,			/* u8 bits */
-	ATTR_ICMP_ID,			/* u16 bits */
-	ATTR_ORIG_L3PROTO,		/* u8 bits */
-	ATTR_REPL_L3PROTO = 16,		/* u8 bits */
-	ATTR_ORIG_L4PROTO,		/* u8 bits */
-	ATTR_REPL_L4PROTO,		/* u8 bits */
-	ATTR_TCP_STATE,			/* u8 bits */
-	ATTR_SNAT_IPV4 = 20,		/* u32 bits */
-	ATTR_DNAT_IPV4,			/* u32 bits */
-	ATTR_SNAT_PORT,			/* u16 bits */
-	ATTR_DNAT_PORT,			/* u16 bits */
-	ATTR_TIMEOUT = 24,		/* u32 bits */
-	ATTR_MARK,			/* u32 bits */
-	ATTR_ORIG_COUNTER_PACKETS,	/* u32 bits */
-	ATTR_REPL_COUNTER_PACKETS,	/* u32 bits */
-	ATTR_ORIG_COUNTER_BYTES = 28,	/* u32 bits */
-	ATTR_REPL_COUNTER_BYTES,	/* u32 bits */
-	ATTR_USE,			/* u32 bits */
-	ATTR_ID,			/* u32 bits */
-	ATTR_STATUS = 32,		/* u32 bits  */
+	ATTR_ORIG_IPV4_SRC = 0,			/* u32 bits */
+	ATTR_IPV4_SRC = ATTR_ORIG_IPV4_SRC,	/* alias */
+	ATTR_ORIG_IPV4_DST,			/* u32 bits */
+	ATTR_IPV4_DST = ATTR_ORIG_IPV4_DST,	/* alias */
+	ATTR_REPL_IPV4_SRC,			/* u32 bits */
+	ATTR_REPL_IPV4_DST,			/* u32 bits */
+	ATTR_ORIG_IPV6_SRC = 4,			/* u128 bits */
+	ATTR_IPV6_SRC = ATTR_ORIG_IPV6_SRC,	/* alias */
+	ATTR_ORIG_IPV6_DST,			/* u128 bits */
+	ATTR_IPV6_DST = ATTR_ORIG_IPV6_DST,	/* alias */
+	ATTR_REPL_IPV6_SRC,			/* u128 bits */
+	ATTR_REPL_IPV6_DST,			/* u128 bits */
+	ATTR_ORIG_PORT_SRC = 8,			/* u16 bits */
+	ATTR_PORT_SRC = ATTR_ORIG_PORT_SRC,	/* alias */
+	ATTR_ORIG_PORT_DST,			/* u16 bits */
+	ATTR_PORT_DST = ATTR_ORIG_PORT_DST,	/* alias */
+	ATTR_REPL_PORT_SRC,			/* u16 bits */
+	ATTR_REPL_PORT_DST,			/* u16 bits */
+	ATTR_ICMP_TYPE = 12,			/* u8 bits */
+	ATTR_ICMP_CODE,				/* u8 bits */
+	ATTR_ICMP_ID,				/* u16 bits */
+	ATTR_ORIG_L3PROTO,			/* u8 bits */
+	ATTR_L3PROTO = ATTR_ORIG_L3PROTO,	/* alias */
+	ATTR_REPL_L3PROTO = 16,			/* u8 bits */
+	ATTR_ORIG_L4PROTO,			/* u8 bits */
+	ATTR_L4PROTO = ATTR_ORIG_L4PROTO,	/* alias */
+	ATTR_REPL_L4PROTO,			/* u8 bits */
+	ATTR_TCP_STATE,				/* u8 bits */
+	ATTR_SNAT_IPV4 = 20,			/* u32 bits */
+	ATTR_DNAT_IPV4,				/* u32 bits */
+	ATTR_SNAT_PORT,				/* u16 bits */
+	ATTR_DNAT_PORT,				/* u16 bits */
+	ATTR_TIMEOUT = 24,			/* u32 bits */
+	ATTR_MARK,				/* u32 bits */
+	ATTR_ORIG_COUNTER_PACKETS,		/* u32 bits */
+	ATTR_REPL_COUNTER_PACKETS,		/* u32 bits */
+	ATTR_ORIG_COUNTER_BYTES = 28,		/* u32 bits */
+	ATTR_REPL_COUNTER_BYTES,		/* u32 bits */
+	ATTR_USE,				/* u32 bits */
+	ATTR_ID,				/* u32 bits */
+	ATTR_STATUS = 32,			/* u32 bits  */
 	ATTR_MAX
 };
 
@@ -289,6 +297,12 @@
 /* clone */
 extern struct nf_expect *nfexp_clone(const struct nf_expect *exp);
 
+/* object size */
+extern size_t nfexp_sizeof(const struct nf_expect *exp);
+
+/* maximum object size */
+extern size_t nfexp_maxsize(void);
+
 /* register / unregister callback */
 
 extern int nfexp_callback_register(struct nfct_handle *h,

Modified: trunk/libnetfilter_conntrack/src/expect/api.c
===================================================================
--- trunk/libnetfilter_conntrack/src/expect/api.c	2007-05-06 17:36:13 UTC (rev 6820)
+++ trunk/libnetfilter_conntrack/src/expect/api.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -43,6 +43,35 @@
 }
 
 /**
+ * nfexp_sizeof - return the size in bytes of a certain expect object
+ * @exp: pointer to the expect object
+ */
+size_t nfexp_sizeof(const struct nf_expect *exp)
+{
+	assert(exp != NULL);
+	return sizeof(*exp);
+}
+
+/**
+ * nfexp_maxsize - return the maximum size in bytes of a expect object
+ *
+ * Use this function if you want to allocate a expect object in the stack
+ * instead of the heap. For example:
+ *
+ * char buf[nfexp_maxsize()];
+ * struct nf_expect *exp = (struct nf_expect *) buf;
+ * memset(exp, 0, nfexp_maxsize());
+ *
+ * Note: As for now this function returns the same size that nfexp_sizeof(exp)
+ * does although _this could change in the future_. Therefore, do not assume
+ * that nfexp_sizeof(exp) == nfexp_maxsize().
+ */
+size_t nfexp_maxsize()
+{
+	return sizeof(struct nf_expect);
+}
+
+/**
  * nfexp_clone - clone a expectation object
  * @exp: pointer to a valid expectation object
  *
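Review bot: The usage example in the nfexp_maxsize comment casts a plain `char buf[nfexp_maxsize()]` to `struct nf_expect *`, but a char array carries no alignment guarantee for that structure, so callers who copy the example can end up with a misaligned object. The comment should say the buffer must be suitably aligned, for instance `char buf[nfexp_maxsize()] __attribute__((aligned));`, and that the array is variable-length because the size is only known at run time. The definition is written `size_t nfexp_maxsize()` while the header declares `nfexp_maxsize(void)`; use `(void)` in both places. In nfexp_sizeof the `assert(exp != NULL)` disappears under NDEBUG, which is harmless here because `sizeof(*exp)` does not evaluate its operand.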

Modified: trunk/libnetfilter_conntrack/src/expect/build.c
===================================================================
--- trunk/libnetfilter_conntrack/src/expect/build.c	2007-05-06 17:36:13 UTC (rev 6820)
+++ trunk/libnetfilter_conntrack/src/expect/build.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -21,35 +21,37 @@
 		   u_int16_t flags,
 		   const struct nf_expect *exp)
 {
-	u_int8_t l3num = exp->master.tuple[NFCT_DIR_ORIGINAL].l3protonum;
+	u_int8_t l3num;
 
-	if (!test_bit(ATTR_ORIG_L3PROTO, exp->master.set)) {
-		errno = EINVAL;
-		return -1;
-	}
+	if (test_bit(ATTR_ORIG_L3PROTO, exp->master.set))
+		l3num = exp->master.tuple[NFCT_DIR_ORIGINAL].l3protonum;
+	else if (test_bit(ATTR_ORIG_L3PROTO, exp->expected.set))
+		l3num = exp->expected.tuple[NFCT_DIR_ORIGINAL].l3protonum;
 
 	memset(req, 0, size);
 
 	nfnl_fill_hdr(ssh, &req->nlh, 0, l3num, 0, type, flags);
 
-	__build_tuple(req,
-		      size,
-		      &exp->expected.tuple[__DIR_ORIG],
-		      CTA_EXPECT_TUPLE);
+	if (test_bit(ATTR_EXP_EXPECTED, exp->set)) {
+		__build_tuple(req,
+			      size,
+			      &exp->expected.tuple[__DIR_ORIG],
+			      CTA_EXPECT_TUPLE);
+	}
 
-	/* get and delete only require the expectation tuple */
-	if (type == IPCTNL_MSG_EXP_GET || type == IPCTNL_MSG_EXP_DELETE)
-		return 0;
+	if (test_bit(ATTR_EXP_MASTER, exp->set)) {
+		__build_tuple(req,
+			      size,
+			      &exp->master.tuple[__DIR_ORIG],
+			      CTA_EXPECT_MASTER);
+	}
 
-	__build_tuple(req,
-		      size,
-		      &exp->master.tuple[__DIR_ORIG],
-		      CTA_EXPECT_MASTER);
-	
-	__build_tuple(req,
-		      size,
-		      &exp->mask.tuple[__DIR_ORIG],
-		      CTA_EXPECT_MASK);
+	if (test_bit(ATTR_EXP_MASK, exp->set)) {
+		__build_tuple(req,
+			      size,
+			      &exp->mask.tuple[__DIR_ORIG],
+			      CTA_EXPECT_MASK);
+	}
 
 	if (test_bit(ATTR_EXP_TIMEOUT, exp->set))
 		__build_timeout(req, size, exp);
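Review bot: `l3num` is read uninitialized when ATTR_ORIG_L3PROTO is set in neither `exp->master.set` nor `exp->expected.set`, because the removed EINVAL return has no replacement. `nfnl_fill_hdr()` is then handed an indeterminate stack byte as the family, which presumably ends up in the netlink header sent to the kernel. Close the chain with `else { errno = EINVAL; return -1; }` before the `memset`. The two `test_bit` calls also read the inner conntrack bitmasks without first checking ATTR_EXP_MASTER / ATTR_EXP_EXPECTED in `exp->set`, which the tuple builders further down do check; whether an inner bitmask can hold stale bits when the outer bit is clear is not visible here. The function starts above this hunk and continues below it.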

Modified: trunk/libnetfilter_conntrack/utils/Makefile.am
===================================================================
--- trunk/libnetfilter_conntrack/utils/Makefile.am	2007-05-06 17:36:13 UTC (rev 6820)
+++ trunk/libnetfilter_conntrack/utils/Makefile.am	2007-05-06 17:39:00 UTC (rev 6821)
@@ -1,15 +1,37 @@
 include $(top_srcdir)/Make_global.am
 
-bin_PROGRAMS = ctnl_test new_api_test expect_api_test
+bin_PROGRAMS = ctnl_test new_api_test \
+	       expect_dump expect_create expect_get expect_delete \
+	       expect_flush expect_events
 
 new_api_test_SOURCES = new_api_test.c
 new_api_test_LDADD = ../src/libnetfilter_conntrack.la
 new_api_test_LDFLAGS = -dynamic -ldl
 
-expect_api_test_SOURCES = expect_api_test.c
-expect_api_test_LDADD = ../src/libnetfilter_conntrack.la
-expect_api_test_LDFLAGS = -dynamic -ldl
-
 ctnl_test_SOURCES = ctnl_test.c
 ctnl_test_LDADD = ../src/libnetfilter_conntrack.la
 ctnl_test_LDFLAGS = -dynamic -ldl
+
+expect_dump_SOURCES = expect_dump.c
+expect_dump_LDADD = ../src/libnetfilter_conntrack.la
+expect_dump_LDFLAGS = -dynamic -ldl
+
+expect_create_SOURCES = expect_create.c
+expect_create_LDADD = ../src/libnetfilter_conntrack.la
+expect_create_LDFLAGS = -dynamic -ldl
+
+expect_get_SOURCES = expect_get.c
+expect_get_LDADD = ../src/libnetfilter_conntrack.la
+expect_get_LDFLAGS = -dynamic -ldl
+
+expect_delete_SOURCES = expect_delete.c
+expect_delete_LDADD = ../src/libnetfilter_conntrack.la
+expect_delete_LDFLAGS = -dynamic -ldl
+
+expect_flush_SOURCES = expect_flush.c
+expect_flush_LDADD = ../src/libnetfilter_conntrack.la
+expect_flush_LDFLAGS = -dynamic -ldl
+
+expect_events_SOURCES = expect_events.c
+expect_events_LDADD = ../src/libnetfilter_conntrack.la
+expect_events_LDFLAGS = -dynamic -ldl

Modified: trunk/libnetfilter_conntrack/utils/ctnl_test.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/ctnl_test.c	2007-05-06 17:36:13 UTC (rev 6820)
+++ trunk/libnetfilter_conntrack/utils/ctnl_test.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -7,6 +7,10 @@
  * (at your option) any later version.
  *
  * libnetfilter_conntrack test file: yet incomplete
+ *
+ * XXX: This is the test file for the *old* libnetfilter_conntrack API.
+ *	Please, do not use this API for new applications since the old
+ *	API will be removed soon.
  */
 
 #include <stdio.h>

Deleted: trunk/libnetfilter_conntrack/utils/expect_api_test.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_api_test.c	2007-05-06 17:36:13 UTC (rev 6820)
+++ trunk/libnetfilter_conntrack/utils/expect_api_test.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -1,160 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <errno.h>
-
-#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
-#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
-
-static int cb(enum nf_conntrack_msg_type type,
-	      struct nf_expect *exp,
-	      void *data)
-{
-	char buf[1024];
-
-	nfexp_snprintf(buf, 1024, exp, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0);
-	printf("%s\n", buf);
-
-	return NFCT_CB_CONTINUE;
-}
-
-static int event_cb(enum nf_conntrack_msg_type type,
-		    struct nf_expect *exp,
-		    void *data)
-{
-	static int n = 0;
-	char buf[1024];
-
-	nfexp_snprintf(buf, 1024, exp, type, NFCT_O_DEFAULT, 0);
-	printf("%s\n", buf);
-
-	if (++n == 10)
-		return NFCT_CB_STOP;
-
-	return NFCT_CB_CONTINUE;
-}
-
-int main()
-{
-	int ret;
-	u_int8_t family = AF_INET;
-	struct nfct_handle *h;
-	struct nf_conntrack *master, *expected, *mask;
-	struct nf_expect *exp;
-	char buf[1024];
-
-	printf("Test for NEW expectation libnetfilter_conntrack API\n");
-	printf("===================================================\n");
-
-	master = nfct_new();
-	if (!master) {
-		perror("nfct_new");
-		exit(EXIT_FAILURE);
-	}
-
-	nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
-	nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
-
-	nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025));
-	nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21));
-
-	nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET);
-	nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
-	nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
-
-	nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21));
-	nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025));
-
-	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
-	nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
-
-	h = nfct_open(CONNTRACK, 0);
-	if (!h) {
-		perror("nfct_open");
-		return -1;
-	}
-
-	ret = nfct_query(h, NFCT_Q_CREATE, master);
-
-	printf("TEST 1: create conntrack (%d)(%s)\n", ret, strerror(errno));
-
-	nfct_close(h);
-
-	expected = nfct_new();
-	if (!expected) {
-		perror("nfct_new");
-		exit(EXIT_FAILURE);
-	}
-
-	nfct_set_attr_u8(expected, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(expected, ATTR_ORIG_IPV4_SRC, inet_addr("4.4.4.4"));
-	nfct_set_attr_u32(expected, ATTR_ORIG_IPV4_DST, inet_addr("5.5.5.5"));
-
-	nfct_set_attr_u8(expected, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(expected, ATTR_ORIG_PORT_SRC, htons(10240));
-	nfct_set_attr_u16(expected, ATTR_ORIG_PORT_DST, htons(10241));
-
-	mask = nfct_new();
-	if (!mask) {
-		perror("nfct_new");
-		exit(EXIT_FAILURE);
-	}
-
-	nfct_set_attr_u8(mask, ATTR_ORIG_L3PROTO, AF_INET);
-	nfct_set_attr_u32(mask, ATTR_ORIG_IPV4_SRC, 0xffffffff);
-	nfct_set_attr_u32(mask, ATTR_ORIG_IPV4_DST, 0xffffffff);
-
-	nfct_set_attr_u8(mask, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
-	nfct_set_attr_u16(mask, ATTR_ORIG_PORT_SRC, 0xffff);
-	nfct_set_attr_u16(mask, ATTR_ORIG_PORT_DST, 0xffff);
-	
-	exp = nfexp_new();
-	if (!exp) {
-		perror("nfexp_new");
-		exit(EXIT_FAILURE);
-	}
-
-	nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
-	nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
-	nfexp_set_attr(exp, ATTR_EXP_MASK, mask);
-	nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200);
-
-	h = nfct_open(EXPECT, 0);
-	if (!h) {
-		perror("nfct_open");
-		return -1;
-	}
-
-	ret = nfexp_query(h, NFCT_Q_CREATE, exp);
-
-	printf("TEST 2: create expectation (%d)(%s)\n", ret, strerror(errno));
-
-	nfexp_callback_register(h, NFCT_T_ALL, cb, NULL);
-	ret = nfexp_query(h, NFCT_Q_GET, exp);
-
-	printf("TEST 3: get expectation (%d)(%s)\n", ret, strerror(errno));
-
-	ret = nfexp_query(h, NFCT_Q_DESTROY, exp);
-
-	printf("TEST 4: destroy expectation (%d)(%s)\n", ret, strerror(errno));
-
-	nfct_close(h);
-
-	h = nfct_open(EXPECT, NF_NETLINK_CONNTRACK_EXP_NEW);
-	if (!h) {
-		perror("nfct_open");
-		return -1;
-	}
-
-	nfexp_callback_register(h, NFCT_T_ALL, event_cb, NULL);
-
-	printf("TEST 5: waiting for 10 events...\n");
-
-	ret = nfexp_catch(h);
-
-	printf("TEST 5: OK (%d)(%s)\n", ret, strerror(errno));
-
-	nfct_close(h);
-}

Added: trunk/libnetfilter_conntrack/utils/expect_create.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_create.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/utils/expect_create.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -0,0 +1,117 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
+
+int main()
+{
+	int ret;
+	struct nfct_handle *h;
+	struct nf_conntrack *master, *expected, *mask;
+	struct nf_expect *exp;
+
+	/*
+	 * Step 1: Setup master conntrack
+	 */
+
+	master = nfct_new();
+	if (!master) {
+		perror("nfct_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfct_set_attr_u8(master, ATTR_ORIG_L3PROTO, AF_INET);
+	nfct_set_attr_u32(master, ATTR_ORIG_IPV4_SRC, inet_addr("1.1.1.1"));
+	nfct_set_attr_u32(master, ATTR_ORIG_IPV4_DST, inet_addr("2.2.2.2"));
+
+	nfct_set_attr_u8(master, ATTR_ORIG_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(master, ATTR_ORIG_PORT_SRC, htons(1025));
+	nfct_set_attr_u16(master, ATTR_ORIG_PORT_DST, htons(21));
+
+	nfct_set_attr_u8(master, ATTR_REPL_L3PROTO, AF_INET);
+	nfct_set_attr_u32(master, ATTR_REPL_IPV4_SRC, inet_addr("2.2.2.2"));
+	nfct_set_attr_u32(master, ATTR_REPL_IPV4_DST, inet_addr("1.1.1.1"));
+
+	nfct_set_attr_u8(master, ATTR_REPL_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(master, ATTR_REPL_PORT_SRC, htons(21));
+	nfct_set_attr_u16(master, ATTR_REPL_PORT_DST, htons(1025));
+
+	nfct_set_attr_u8(master, ATTR_TCP_STATE, TCP_CONNTRACK_LISTEN);
+	nfct_set_attr_u32(master, ATTR_TIMEOUT, 200);
+
+	h = nfct_open(CONNTRACK, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	ret = nfct_query(h, NFCT_Q_CREATE, master);
+
+	printf("TEST: add master conntrack (%d)(%s)\n", ret, strerror(errno));
+
+	nfct_close(h);
+
+	expected = nfct_new();
+	if (!expected) {
+		perror("nfct_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("4.4.4.4"));
+	nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("5.5.5.5"));
+
+	nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(10240));
+	nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241));
+
+	mask = nfct_new();
+	if (!mask) {
+		perror("nfct_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfct_set_attr_u8(mask, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(mask, ATTR_IPV4_SRC, 0xffffffff);
+	nfct_set_attr_u32(mask, ATTR_IPV4_DST, 0xffffffff);
+
+	nfct_set_attr_u8(mask, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(mask, ATTR_PORT_SRC, 0xffff);
+	nfct_set_attr_u16(mask, ATTR_PORT_DST, 0xffff);
+
+	/*
+	 * Step 2: Setup expectation
+	 */
+	
+	exp = nfexp_new();
+	if (!exp) {
+		perror("nfexp_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
+	nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
+	nfexp_set_attr(exp, ATTR_EXP_MASK, mask);
+	nfexp_set_attr_u32(exp, ATTR_EXP_TIMEOUT, 200);
+
+	nfct_destroy(master);
+	nfct_destroy(expected);
+	nfct_destroy(mask);
+
+	h = nfct_open(EXPECT, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	ret = nfexp_query(h, NFCT_Q_CREATE, exp);
+
+	printf("TEST: create expectation (%d)(%s)\n", ret, strerror(errno));
+
+	if (ret == -1)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}
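Review bot: `strerror()`, `inet_addr()` and `htons()` are called without their headers; only <stdio.h>, <stdlib.h>, <errno.h> and the library headers are included, and whether those pull in the rest is not visible here. If they do not, `strerror` is implicitly declared as returning int and the `%s` argument becomes a truncated pointer on 64-bit targets. Add `#include <string.h>` and `#include <arpa/inet.h>`; the same applies to expect_delete.c and expect_get.c, and `<string.h>` alone to expect_dump.c, expect_events.c and expect_flush.c. The status lines also print `strerror(errno)` when the query succeeded, where errno may be left over from an earlier call.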

Added: trunk/libnetfilter_conntrack/utils/expect_delete.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_delete.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/utils/expect_delete.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+int main()
+{
+	int ret;
+	struct nfct_handle *h;
+	struct nf_conntrack *expected;
+	struct nf_expect *exp;
+
+	expected = nfct_new();
+	if (!expected) {
+		perror("nfct_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfct_set_attr_u8(expected, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(expected, ATTR_IPV4_SRC, inet_addr("4.4.4.4"));
+	nfct_set_attr_u32(expected, ATTR_IPV4_DST, inet_addr("5.5.5.5"));
+
+	nfct_set_attr_u8(expected, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(expected, ATTR_PORT_SRC, htons(10240));
+	nfct_set_attr_u16(expected, ATTR_PORT_DST, htons(10241));
+
+	exp = nfexp_new();
+	if (!exp) {
+		perror("nfexp_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfexp_set_attr(exp, ATTR_EXP_EXPECTED, expected);
+
+	h = nfct_open(EXPECT, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	ret = nfexp_query(h, NFCT_Q_DESTROY, exp);
+
+	printf("TEST: delete expectation (%d)(%s)\n", ret, strerror(errno));
+
+	if (ret == -1)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}
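Review bot: The handle returned by `nfct_open(EXPECT, 0)` is never passed to `nfct_close(h);`, and `expected` is not released with `nfct_destroy(expected);` after `nfexp_set_attr()`, although expect_create.c does release its conntrack objects at that point; `exp` is not freed either. These are example files that users will copy, so the cleanup should appear before the `exit()` calls, as expect_events.c already does for its handle. The same omission is in expect_create.c (second handle), expect_dump.c, expect_flush.c and expect_get.c. The `nfct_open` failure path uses `return -1` while every other failure in the file uses `exit(EXIT_FAILURE)`; pick one.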

Added: trunk/libnetfilter_conntrack/utils/expect_dump.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_dump.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/utils/expect_dump.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -0,0 +1,40 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static int cb(enum nf_conntrack_msg_type type,
+	      struct nf_expect *exp,
+	      void *data)
+{
+	char buf[1024];
+
+	nfexp_snprintf(buf, 1024, exp, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0);
+	printf("%s\n", buf);
+
+	return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+	int ret;
+	u_int8_t family = AF_INET;
+	struct nfct_handle *h;
+
+	h = nfct_open(EXPECT, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	nfexp_callback_register(h, NFCT_T_ALL, cb, NULL);
+	ret = nfexp_query(h, NFCT_Q_DUMP, &family);
+
+	printf("TEST: get expectation (%d)(%s)\n", ret, strerror(errno));
+
+	if (ret == -1)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}
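Review bot: The status line prints `TEST: get expectation` although this program issues NFCT_Q_DUMP; it looks copied from the get example and will mislead anyone comparing the outputs. Change it to `printf("TEST: dump expectation (%d)(%s)\n", ret, strerror(errno));`. In `cb` the buffer size is repeated as the literal 1024 in the `nfexp_snprintf` call; `sizeof(buf)` would keep the two in step, and the return value of `nfexp_snprintf` is ignored, so a truncated line would go unnoticed.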

Added: trunk/libnetfilter_conntrack/utils/expect_events.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_events.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/utils/expect_events.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -0,0 +1,48 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static int event_cb(enum nf_conntrack_msg_type type,
+		    struct nf_expect *exp,
+		    void *data)
+{
+	static int n = 0;
+	char buf[1024];
+
+	nfexp_snprintf(buf, 1024, exp, type, NFCT_O_DEFAULT, 0);
+	printf("%s\n", buf);
+
+	if (++n == 10)
+		return NFCT_CB_STOP;
+
+	return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+	int ret;
+	struct nfct_handle *h;
+
+	h = nfct_open(EXPECT, NF_NETLINK_CONNTRACK_EXP_NEW);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	nfexp_callback_register(h, NFCT_T_ALL, event_cb, NULL);
+
+	printf("TEST: waiting for 10 expectation events...\n");
+
+	ret = nfexp_catch(h);
+
+	printf("TEST: OK (%d)(%s)\n", ret, strerror(errno));
+
+	nfct_close(h);
+
+	if (ret == -1)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}
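Review bot: `printf("TEST: OK (%d)(%s)\n", ...)` runs before `ret` is checked, so a failed `nfexp_catch()` is still reported as OK next to its error string. Use a neutral label as the other examples do, e.g. `printf("TEST: catch expectation events (%d)(%s)\n", ret, strerror(errno));`. The stop threshold in `event_cb` is the bare literal 10 and is repeated in the "waiting for 10" message; a named constant shared by both would keep them consistent.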

Added: trunk/libnetfilter_conntrack/utils/expect_flush.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_flush.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/utils/expect_flush.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -0,0 +1,27 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+int main()
+{
+	int ret;
+	u_int8_t family = AF_INET;
+	struct nfct_handle *h;
+
+	h = nfct_open(EXPECT, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	ret = nfexp_query(h, NFCT_Q_FLUSH, &family);
+
+	printf("TEST: flush expectation (%d)(%s)\n", ret, strerror(errno));
+
+	if (ret == -1)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}

Added: trunk/libnetfilter_conntrack/utils/expect_get.c
===================================================================
--- trunk/libnetfilter_conntrack/utils/expect_get.c	                        (rev 0)
+++ trunk/libnetfilter_conntrack/utils/expect_get.c	2007-05-06 17:39:00 UTC (rev 6821)
@@ -0,0 +1,63 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
+
+static int cb(enum nf_conntrack_msg_type type,
+	      struct nf_expect *exp,
+	      void *data)
+{
+	char buf[1024];
+
+	nfexp_snprintf(buf, 1024, exp, NFCT_T_UNKNOWN, NFCT_O_DEFAULT, 0);
+	printf("%s\n", buf);
+
+	return NFCT_CB_CONTINUE;
+}
+
+int main()
+{
+	int ret;
+	struct nfct_handle *h;
+	struct nf_conntrack *master;
+	struct nf_expect *exp;
+
+	master = nfct_new();
+	if (!master) {
+		perror("nfct_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfct_set_attr_u8(master, ATTR_L3PROTO, AF_INET);
+	nfct_set_attr_u32(master, ATTR_IPV4_SRC, inet_addr("4.4.4.4"));
+	nfct_set_attr_u32(master, ATTR_IPV4_DST, inet_addr("5.5.5.5"));
+
+	nfct_set_attr_u8(master, ATTR_L4PROTO, IPPROTO_TCP);
+	nfct_set_attr_u16(master, ATTR_PORT_SRC, htons(10240));
+	nfct_set_attr_u16(master, ATTR_PORT_DST, htons(10241));
+
+	exp = nfexp_new();
+	if (!exp) {
+		perror("nfexp_new");
+		exit(EXIT_FAILURE);
+	}
+
+	nfexp_set_attr(exp, ATTR_EXP_MASTER, master);
+
+	h = nfct_open(EXPECT, 0);
+	if (!h) {
+		perror("nfct_open");
+		return -1;
+	}
+
+	nfexp_callback_register(h, NFCT_T_ALL, cb, NULL);
+	ret = nfexp_query(h, NFCT_Q_GET, exp);
+
+	printf("TEST: get expectation (%d)(%s)\n", ret, strerror(errno));
+
+	if (ret == -1)
+		exit(EXIT_FAILURE);
+
+	exit(EXIT_SUCCESS);
+}
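Review bot: The lookup object is named `master` and attached with ATTR_EXP_MASTER, yet it carries the 4.4.4.4 -> 5.5.5.5 ports 10240/10241 tuple that expect_create.c registers as the *expected* tuple, while expect_delete.c passes the same tuple through ATTR_EXP_EXPECTED. If this is intentional (the get request apparently being keyed on the master attribute), it needs a comment above `nfexp_set_attr(exp, ATTR_EXP_MASTER, master);` along the lines of `/* GET is keyed on the master attribute; the tuple is the expected one from expect_create.c */`. If it is not intentional, the example queries the wrong tuple. Either way a reader cannot tell from the file as written.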



