NetfilterConntrack: Implement f_get_conntrack_xml() to get single conntrack
parent
65e28822be
commit
71d0e6e661
|
@ -1,4 +1,7 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include <sys/socket.h>
|
||||||
|
#include <netinet/in.h>
|
||||||
|
#include <arpa/inet.h>
|
||||||
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
|
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
|
||||||
|
|
||||||
#include "NetfilterConntrack_Functions.hh"
|
#include "NetfilterConntrack_Functions.hh"
|
||||||
|
@ -26,7 +29,7 @@ namespace NetfilterConntrack__Functions
|
||||||
|
|
||||||
h = nfct_open(CONNTRACK, 0);
|
h = nfct_open(CONNTRACK, 0);
|
||||||
if (!h) {
|
if (!h) {
|
||||||
perror("nfct_open");
|
TTCN_error("nfct_open");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -64,19 +67,44 @@ namespace NetfilterConntrack__Functions
|
||||||
}
|
}
|
||||||
|
|
||||||
/* get a single conntrack entry for given 5-tuple */
|
/* get a single conntrack entry for given 5-tuple */
|
||||||
CHARSTRING f_get_conntrack_xml(CHARSTRING& src_ip, CHARSTRING& dst_ip, INTEGER& proto, INTEGER& src_port, INTEGER& dst_port)
|
CHARSTRING f__get__conntrack__xml(const CHARSTRING& src_ip, const CHARSTRING& dst_ip, const INTEGER& l4_proto, const INTEGER& src_port, const INTEGER& dst_port)
|
||||||
{
|
{
|
||||||
struct nfct_handle *h;
|
struct nfct_handle *h;
|
||||||
|
struct nf_conntrack *ct;
|
||||||
uint32_t family = AF_INET;
|
uint32_t family = AF_INET;
|
||||||
|
struct in_addr ia_src, ia_dst;
|
||||||
int rc;
|
int rc;
|
||||||
CHARSTRING ret_val("<flows xmlns=\"http://www.netfilter.org/xml/libnetfilter_conntrack\">");
|
CHARSTRING ret_val("<flows xmlns=\"http://www.netfilter.org/xml/libnetfilter_conntrack\">");
|
||||||
|
|
||||||
h = _nfct_init(&ret_val);
|
h = _nfct_init(&ret_val);
|
||||||
|
ct = nfct_new();
|
||||||
|
if (!ct) {
|
||||||
|
TTCN_error("error in nfct_new()");
|
||||||
|
}
|
||||||
|
|
||||||
/* FIXME: actually query */
|
if (inet_aton(src_ip, &ia_src) && inet_aton(dst_ip, &ia_dst)) {
|
||||||
|
nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
|
||||||
|
nfct_set_attr_u32(ct, ATTR_IPV4_SRC, ia_src.s_addr);
|
||||||
|
nfct_set_attr_u32(ct, ATTR_IPV4_DST, ia_dst.s_addr);
|
||||||
|
} else {
|
||||||
|
struct in6_addr ia6_src, ia6_dst;
|
||||||
|
inet_pton(AF_INET6, src_ip, &ia6_src);
|
||||||
|
inet_pton(AF_INET6, src_ip, &ia6_dst);
|
||||||
|
nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET6);
|
||||||
|
nfct_set_attr(ct, ATTR_IPV6_SRC, &ia6_src);
|
||||||
|
nfct_set_attr(ct, ATTR_IPV6_DST, &ia6_dst);
|
||||||
|
}
|
||||||
|
|
||||||
|
nfct_set_attr_u8(ct, ATTR_L4PROTO, l4_proto.get_long_long_val());
|
||||||
|
nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(src_port.get_long_long_val()));
|
||||||
|
nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(dst_port.get_long_long_val()));
|
||||||
|
|
||||||
|
nfct_query(h, NFCT_Q_GET, ct);
|
||||||
|
|
||||||
nfct_close(h);
|
nfct_close(h);
|
||||||
|
|
||||||
|
nfct_destroy(ct);
|
||||||
|
|
||||||
ret_val += "</flows>";
|
ret_val += "</flows>";
|
||||||
return ret_val;
|
return ret_val;
|
||||||
}
|
}
|
||||||
|
|
|
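Review bot: In the IPv6 branch of f__get__conntrack__xml() the destination address is parsed from the wrong argument, `inet_pton(AF_INET6, src_ip, &ia6_dst)`, so an IPv6 lookup is built with the source address on both sides of the tuple; it should read `dst_ip`. Neither `inet_pton()` result is checked, so a string that is neither valid IPv4 nor valid IPv6 leaves `ia6_src`/`ia6_dst` uninitialised and those stack bytes are then passed to `nfct_set_attr()`. The result of `nfct_query()` is dropped although `rc` is declared, and `l4_proto` and the ports are narrowed from `get_long_long_val()` to 8 and 16 bits without a range check, so out-of-range values wrap silently instead of being rejected. If TTCN_error() does not return to the caller (which appears to be the case in TITAN; please confirm), the `if (!ct)` path leaves `h` open, so the handle should be closed before raising the error. The fence sketches the address parsing and query part only.

```cpp
	ct = nfct_new();
	if (!ct) {
		nfct_close(h);	/* release the handle before the error is raised */
		TTCN_error("error in nfct_new()");
	}
	// … unchanged: IPv4 branch (inet_aton + ATTR_IPV4_SRC/DST) …
	} else {
		struct in6_addr ia6_src, ia6_dst;
		if (inet_pton(AF_INET6, src_ip, &ia6_src) != 1 ||
		    inet_pton(AF_INET6, dst_ip, &ia6_dst) != 1) {
			nfct_destroy(ct);
			nfct_close(h);
			TTCN_error("f_get_conntrack_xml: address is neither IPv4 nor IPv6");
		}
		// … unchanged: ATTR_L3PROTO / ATTR_IPV6_SRC / ATTR_IPV6_DST setters …
	}
	// … unchanged: ATTR_L4PROTO and port setters (add a 0..255 / 0..65535 range check before narrowing) …
	rc = nfct_query(h, NFCT_Q_GET, ct);
	/* rc < 0 covers both "no such entry" and real failures; decide which of them should be reported */
```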
@ -1,6 +1,6 @@
|
||||||
module NetfilterConntrack_Functions {
|
module NetfilterConntrack_Functions {
|
||||||
|
|
||||||
external function f_get_conntracks_xml() return charstring;
|
external function f_get_conntracks_xml() return charstring;
|
||||||
//external function f_get_conntrack_xml(charstring src_ip, charstring dst_ip, integer proto, integer src_port, integer dst_port) return charstring;
|
external function f_get_conntrack_xml(charstring src_ip, charstring dst_ip, integer l4_proto, integer src_port, integer dst_port) return charstring;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|