NetfilterConntrack: Implement f_get_conntrack_xml() to get single conntrack
parent
65e28822be
commit
71d0e6e661
|
@ -1,4 +1,7 @@
|
|||
#include <string.h>
|
||||
#include <sys/socket.h>
|
||||
#include <netinet/in.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
|
||||
|
||||
#include "NetfilterConntrack_Functions.hh"
|
||||
|
@ -26,7 +29,7 @@ namespace NetfilterConntrack__Functions
|
|||
|
||||
h = nfct_open(CONNTRACK, 0);
|
||||
if (!h) {
|
||||
perror("nfct_open");
|
||||
TTCN_error("nfct_open");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
@ -64,19 +67,44 @@ namespace NetfilterConntrack__Functions
|
|||
}
|
||||
|
||||
/* get a single conntrack entry for given 5-tuple */
|
||||
CHARSTRING f_get_conntrack_xml(CHARSTRING& src_ip, CHARSTRING& dst_ip, INTEGER& proto, INTEGER& src_port, INTEGER& dst_port)
|
||||
CHARSTRING f__get__conntrack__xml(const CHARSTRING& src_ip, const CHARSTRING& dst_ip, const INTEGER& l4_proto, const INTEGER& src_port, const INTEGER& dst_port)
|
||||
{
|
||||
struct nfct_handle *h;
|
||||
struct nf_conntrack *ct;
|
||||
uint32_t family = AF_INET;
|
||||
struct in_addr ia_src, ia_dst;
|
||||
int rc;
|
||||
CHARSTRING ret_val("<flows xmlns=\"http://www.netfilter.org/xml/libnetfilter_conntrack\">");
|
||||
|
||||
h = _nfct_init(&ret_val);
|
||||
ct = nfct_new();
|
||||
if (!ct) {
|
||||
TTCN_error("error in nfct_new()");
|
||||
}
|
||||
|
||||
/* FIXME: actually query */
|
||||
if (inet_aton(src_ip, &ia_src) && inet_aton(dst_ip, &ia_dst)) {
|
||||
nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
|
||||
nfct_set_attr_u32(ct, ATTR_IPV4_SRC, ia_src.s_addr);
|
||||
nfct_set_attr_u32(ct, ATTR_IPV4_DST, ia_dst.s_addr);
|
||||
} else {
|
||||
struct in6_addr ia6_src, ia6_dst;
|
||||
inet_pton(AF_INET6, src_ip, &ia6_src);
|
||||
inet_pton(AF_INET6, src_ip, &ia6_dst);
|
||||
nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
|
||||
nfct_set_attr(ct, ATTR_IPV6_SRC, &ia6_src);
|
||||
nfct_set_attr(ct, ATTR_IPV6_DST, &ia6_dst);
|
||||
}
|
||||
|
||||
nfct_set_attr_u8(ct, ATTR_L4PROTO, l4_proto.get_long_long_val());
|
||||
nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(src_port.get_long_long_val()));
|
||||
nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(dst_port.get_long_long_val()));
|
||||
|
||||
nfct_query(h, NFCT_Q_GET, ct);
|
||||
|
||||
nfct_close(h);
|
||||
|
||||
nfct_destroy(ct);
|
||||
|
||||
ret_val += "</flows>";
|
||||
return ret_val;
|
||||
}
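Review bot: In the IPv6 branch of `f__get__conntrack__xml` the destination address is parsed from `src_ip` (`inet_pton(AF_INET6, src_ip, &ia6_dst)`), so the lookup tuple carries the source address twice and a GET for an IPv6 flow will presumably never match the intended entry; the line should read `inet_pton(AF_INET6, dst_ip, &ia6_dst);`. Neither `inet_pton()` result is checked, so a string that is not a valid address of either family leaves `ia6_src`/`ia6_dst` uninitialised and stack contents are handed to `nfct_set_attr()` and on to the kernel query. The branch should raise `TTCN_error()` unless both calls return 1, after releasing `ct` and `h`. The return value of `nfct_query()` is also dropped (the declared `rc` is never assigned), so a failed lookup cannot be told apart from an empty result in the returned XML.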
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
module NetfilterConntrack_Functions {
|
||||
|
||||
external function f_get_conntracks_xml() return charstring;
|
||||
//external function f_get_conntrack_xml(charstring src_ip, charstring dst_ip, integer proto, integer src_port, integer dst_port) return charstring;
|
||||
external function f_get_conntrack_xml(charstring src_ip, charstring dst_ip, integer l4_proto, integer src_port, integer dst_port) return charstring;
|
||||
|
||||
}
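Review bot: The three numeric parameters of `f_get_conntrack_xml` are declared as plain `integer`, which is unbounded in TTCN-3, while the C++ implementation in this commit narrows them via `get_long_long_val()` into 8- and 16-bit conntrack attributes. An out-of-range value such as a port of 65536 would be silently truncated, and the query would run against a different tuple than the test asked for. Consider range-restricted subtypes for the ports (0..65535) and the protocol (0..255), or rejecting out-of-range values on the C++ side before the `nfct_set_attr_u*()` calls. A short comment above the declaration, e.g. `// returns a <flows> XML document for the conntrack entry matching the 5-tuple; addresses are IPv4 or IPv6 literals`, would also help callers.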
|
||||
|
|