src/nf-ct-events.c - platform/external/libnl - Git at Google

 /* SPDX-License-Identifier: LGPL-2.1-only */
 /*
  * src/nf-ct-events.c	  Listen on Conntrack Events
  *
  *	This library is free software; you can redistribute it and/or
  *	modify it under the terms of the GNU Lesser General Public
  *	License as published by the Free Software Foundation version 2.1
  *	of the License.
  *
  * Copyright (c) 2018 Avast software
  */

 #include <netlink/cli/utils.h>
 #include <netlink/cli/ct.h>

 #include <linux/netlink.h>
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>

 struct private_nl_object
 {
 	int			ce_refcnt;
 	struct nl_object_ops *	ce_ops;
 	struct nl_cache *	ce_cache;
 	struct nl_list_head	ce_list;
 	int			ce_msgtype;
 	int			ce_flags;
 	uint64_t		ce_mask;
 };

 static void nf_conntrack_parse_callback(struct nl_object *obj, void *opaque)
 {
 	struct nl_dump_params params = {
 		.dp_fd = stdout,
 		.dp_type = NL_DUMP_DETAILS,
 	};

 	nl_object_dump(obj, &params);
 }

 static int nf_conntrack_event_callback(struct nl_msg *msg, void *opaque)
 {
 	int err;
 	struct nlmsghdr *hdr = nlmsg_hdr(msg);

 	enum cntl_msg_types type = (enum cntl_msg_types) NFNL_MSG_TYPE(hdr->nlmsg_type);

 	int flags = hdr->nlmsg_flags;

 	if (type == IPCTNL_MSG_CT_DELETE) {
 		printf("DELETE ");
 	} else if (type == IPCTNL_MSG_CT_NEW) {
 		if (flags & (NLM_F_CREATE|NLM_F_EXCL)) {
 			printf("NEW ");
 		} else {
 			printf("UPDATE ");
 		}
 	} else {
 		printf("UNKNOWN ");
 	}

 	if ((err = nl_msg_parse(msg, &nf_conntrack_parse_callback, opaque)) < 0) {
 		nl_cli_fatal(err, "nl_msg_parse: %s", nl_geterror(err));
 	}
 	/* Continue with next event */
 	return NL_OK;
 }

 int main(int argc, char *argv[])
 {
 	struct nl_sock *socket;
 	int err;

 	socket = nl_cli_alloc_socket();
 	if (socket == NULL) {
 		nl_cli_fatal(ENOBUFS, "Unable to allocate netlink socket");
 	}

 	/*
 	 * Disable sequence number checking.
 	 * This is required to allow messages to be processed which were not requested by
 	 * a preceding request message, e.g. netlink events.
 	 */
 	nl_socket_disable_seq_check(socket);

 	/* subscribe conntrack events */
 	nl_join_groups(socket, NF_NETLINK_CONNTRACK_NEW |
 												 NF_NETLINK_CONNTRACK_UPDATE |
 												 NF_NETLINK_CONNTRACK_DESTROY |
 												 NF_NETLINK_CONNTRACK_EXP_NEW |
 												 NF_NETLINK_CONNTRACK_EXP_UPDATE |
 												 NF_NETLINK_CONNTRACK_EXP_DESTROY);

 	nl_cli_connect(socket, NETLINK_NETFILTER);

 	nl_socket_modify_cb(socket, NL_CB_VALID, NL_CB_CUSTOM, &nf_conntrack_event_callback, 0);

 	while (1) {

 		errno = 0;
 		if ((err = nl_recvmsgs_default(socket)) < 0) {
 			switch (errno) {
 				case 	ENOBUFS:
 					// just print warning
 					fprintf(stderr, "Lost events because of ENOBUFS\n");
 					break;
 				case EAGAIN:
 				case EINTR:
 					// continue reading
 					break;
 				default:
 					nl_cli_fatal(err, "Failed to receive: %s", nl_geterror(err));
 			}
 		}
 	}
 }
	/* SPDX-License-Identifier: LGPL-2.1-only */
	/*
	* src/nf-ct-events.c Listen on Conntrack Events
	*
	* This library is free software; you can redistribute it and/or
	* modify it under the terms of the GNU Lesser General Public
	* License as published by the Free Software Foundation version 2.1
	* of the License.
	*
	* Copyright (c) 2018 Avast software
	*/

	#include <netlink/cli/utils.h>
	#include <netlink/cli/ct.h>

	#include <linux/netlink.h>
	#include <linux/netfilter/nfnetlink.h>
	#include <linux/netfilter/nfnetlink_conntrack.h>

	struct private_nl_object
	{
	int ce_refcnt;
	struct nl_object_ops * ce_ops;
	struct nl_cache * ce_cache;
	struct nl_list_head ce_list;
	int ce_msgtype;
	int ce_flags;
	uint64_t ce_mask;
	};

	static void nf_conntrack_parse_callback(struct nl_object obj, void opaque)
	{
	struct nl_dump_params params = {
	.dp_fd = stdout,
	.dp_type = NL_DUMP_DETAILS,
	};

	nl_object_dump(obj, &params);
	}

	static int nf_conntrack_event_callback(struct nl_msg msg, void opaque)
	{
	int err;
	struct nlmsghdr *hdr = nlmsg_hdr(msg);

	enum cntl_msg_types type = (enum cntl_msg_types) NFNL_MSG_TYPE(hdr->nlmsg_type);

	int flags = hdr->nlmsg_flags;

	if (type == IPCTNL_MSG_CT_DELETE) {
	printf("DELETE ");
	} else if (type == IPCTNL_MSG_CT_NEW) {
	if (flags & (NLM_F_CREATE\|NLM_F_EXCL)) {
	printf("NEW ");
	} else {
	printf("UPDATE ");
	}
	} else {
	printf("UNKNOWN ");
	}

	if ((err = nl_msg_parse(msg, &nf_conntrack_parse_callback, opaque)) < 0) {
	nl_cli_fatal(err, "nl_msg_parse: %s", nl_geterror(err));
	}
	/* Continue with next event */
	return NL_OK;
	}

	int main(int argc, char *argv[])
	{
	struct nl_sock *socket;
	int err;

	socket = nl_cli_alloc_socket();
	if (socket == NULL) {
	nl_cli_fatal(ENOBUFS, "Unable to allocate netlink socket");
	}

	/*
	* Disable sequence number checking.
	* This is required to allow messages to be processed which were not requested by
	* a preceding request message, e.g. netlink events.
	*/
	nl_socket_disable_seq_check(socket);

	/* subscribe conntrack events */
	nl_join_groups(socket, NF_NETLINK_CONNTRACK_NEW \|
	NF_NETLINK_CONNTRACK_UPDATE \|
	NF_NETLINK_CONNTRACK_DESTROY \|
	NF_NETLINK_CONNTRACK_EXP_NEW \|
	NF_NETLINK_CONNTRACK_EXP_UPDATE \|
	NF_NETLINK_CONNTRACK_EXP_DESTROY);

	nl_cli_connect(socket, NETLINK_NETFILTER);

	nl_socket_modify_cb(socket, NL_CB_VALID, NL_CB_CUSTOM, &nf_conntrack_event_callback, 0);

	while (1) {

	errno = 0;
	if ((err = nl_recvmsgs_default(socket)) < 0) {
	switch (errno) {
	case ENOBUFS:
	// just print warning
	fprintf(stderr, "Lost events because of ENOBUFS\n");
	break;
	case EAGAIN:
	case EINTR:
	// continue reading
	break;
	default:
	nl_cli_fatal(err, "Failed to receive: %s", nl_geterror(err));
	}
	}
	}
	}