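/*
 * src/nf-ct-list.c     List Conntrack Entries
 *
 *	This library is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU Lesser General Public
 *	License as published by the Free Software Foundation version 2.1
 *	of the License.
 *
 * Copyright (c) 2003-2009 Thomas Graf <tgraf (at) suug.ch>
 * Copyright (c) 2007 Philip Craig <philipc (at) snapgear.com>
 * Copyright (c) 2007 Secure Computing Corporation
 */

/*
 * NOTE(review): the banner above names nf-ct-list.c / "List Conntrack
 * Entries", but the usage text and main() below implement "nf-ct-add":
 * they build one conntrack object from the command line and submit it with
 * nfnl_ct_add(). The banner looks like a copy-paste leftover; confirm
 * against the file's real path before correcting it.
 */

#include <netlink/cli/utils.h>
#include <netlink/cli/ct.h>

/* Set by -q/--quiet; suppresses the "Adding"/"Added" object dumps. */
static int quiet = 0;

/**
 * Print the command line help to stdout and terminate with status 0.
 *
 * NOTE(review): the text lists --status without an argument although
 * long_opts in main() declares it with a required one, and it omits the
 * -4 / -6 shortcuts that main() accepts.
 */
static void print_usage(void)
{
	printf(
	"Usage: nf-ct-add [OPTION]... [CONNTRACK ENTRY]\n"
	"\n"
	"Options\n"
	" -q, --quiet Do not print informal notifications.\n"
	" -h, --help Show this help\n"
	" -v, --version Show versioning information\n"
	"\n"
	"Conntrack Selection\n"
	" -p, --proto=PROTOCOL Protocol\n"
	" --orig-src=ADDR Original source address\n"
	" --orig-sport=PORT Original source port\n"
	" --orig-dst=ADDR Original destination address\n"
	" --orig-dport=PORT Original destination port\n"
	" --reply-src=ADDR Reply source address\n"
	" --reply-sport=PORT Reply source port\n"
	" --reply-dst=ADDR Reply destination address\n"
	" --reply-dport=PORT Reply destination port\n"
	" -F, --family=FAMILY Address family\n"
	" --mark=NUM Mark value\n"
	" --timeout=NUM Timeout value\n"
	" --status Bitset representing status of connection.\n"
	" --zone=NUM Zone value\n"
	);
	exit(0);
}

/**
 * Build a conntrack object from the command line and submit it to the
 * kernel over a NETLINK_NETFILTER socket.
 *
 * Every attribute of the submitted entry comes straight from argv, so the
 * option table must consume exactly the arguments the user meant for each
 * option; see the short-option string below.
 *
 * @param argc  number of command line arguments
 * @param argv  command line arguments
 * @return 0 once nfnl_ct_add() has succeeded; failures leave through
 *         exit(NLE_INVAL) or nl_cli_fatal().
 */
int main(int argc, char *argv[])
{
	/* Values above the char range, so they cannot collide with short options. */
	enum {
		ARG_ORIG_SRC = 257,
		ARG_ORIG_SPORT = 258,
		ARG_ORIG_DST,
		ARG_ORIG_DPORT,
		ARG_REPLY_SRC,
		ARG_REPLY_SPORT,
		ARG_REPLY_DST,
		ARG_REPLY_DPORT,
		ARG_MARK,
		ARG_TIMEOUT,
		ARG_STATUS,
		ARG_ZONE,
	};
	static struct option long_opts[] = {
		{ "quiet", 0, 0, 'q' },
		{ "help", 0, 0, 'h' },
		{ "version", 0, 0, 'v' },
		{ "proto", 1, 0, 'p' },
		{ "orig-src", 1, 0, ARG_ORIG_SRC },
		{ "orig-sport", 1, 0, ARG_ORIG_SPORT },
		{ "orig-dst", 1, 0, ARG_ORIG_DST },
		{ "orig-dport", 1, 0, ARG_ORIG_DPORT },
		{ "reply-src", 1, 0, ARG_REPLY_SRC },
		{ "reply-sport", 1, 0, ARG_REPLY_SPORT },
		{ "reply-dst", 1, 0, ARG_REPLY_DST },
		{ "reply-dport", 1, 0, ARG_REPLY_DPORT },
		{ "family", 1, 0, 'F' },
		{ "mark", 1, 0, ARG_MARK },
		{ "timeout", 1, 0, ARG_TIMEOUT },
		{ "status", 1, 0, ARG_STATUS },
		{ "zone", 1, 0, ARG_ZONE },
		{ 0, 0, 0, 0 }
	};
	struct nl_sock *sock;
	struct nfnl_ct *ct;
	struct nl_dump_params params = {
		.dp_type = NL_DUMP_LINE,
		.dp_fd = stdout,
	};
	/*
	 * Only NLM_F_CREATE is requested; NLM_F_EXCL is not set, so this is not
	 * an exclusive create.
	 * NOTE(review): confirm what the kernel does when a matching entry
	 * already exists (it may be modified rather than rejected), and whether
	 * "add" should fail in that case.
	 */
	int err, nlflags = NLM_F_CREATE;

	ct = nl_cli_ct_alloc();

	for (;;) {
		int c, optidx = 0;

		/*
		 * -q and -v are plain flags, matching their long forms (has_arg 0)
		 * and the usage text. The previous string "46q:hv:p:F:" gave both
		 * a required argument, so "-q --orig-src=ADDR" consumed the
		 * selector as the argument of -q and the entry was submitted
		 * without it.
		 */
		c = getopt_long(argc, argv, "46qhvp:F:", long_opts, &optidx);
		if (c == -1)
			break;

		/*
		 * The nl_cli_ct_parse_* results are not inspected here.
		 * NOTE(review): presumably the helpers abort on malformed input
		 * themselves; verify in netlink/cli/ct.h.
		 */
		switch (c) {
		case '?': exit(NLE_INVAL);
		case 'q': quiet = 1; break;
		case '4': nfnl_ct_set_family(ct, AF_INET); break;
		case '6': nfnl_ct_set_family(ct, AF_INET6); break;
		case 'h': print_usage(); break;
		case 'v': nl_cli_print_version(); break;
		case 'p': nl_cli_ct_parse_protocol(ct, optarg); break;
		/* Second argument of the address/port parsers: 0 = original direction, 1 = reply. */
		case ARG_ORIG_SRC: nl_cli_ct_parse_src(ct, 0, optarg); break;
		case ARG_ORIG_SPORT: nl_cli_ct_parse_src_port(ct, 0, optarg); break;
		case ARG_ORIG_DST: nl_cli_ct_parse_dst(ct, 0, optarg); break;
		case ARG_ORIG_DPORT: nl_cli_ct_parse_dst_port(ct, 0, optarg); break;
		case ARG_REPLY_SRC: nl_cli_ct_parse_src(ct, 1, optarg); break;
		case ARG_REPLY_SPORT: nl_cli_ct_parse_src_port(ct, 1, optarg); break;
		case ARG_REPLY_DST: nl_cli_ct_parse_dst(ct, 1, optarg); break;
		case ARG_REPLY_DPORT: nl_cli_ct_parse_dst_port(ct, 1, optarg); break;
		case 'F': nl_cli_ct_parse_family(ct, optarg); break;
		case ARG_MARK: nl_cli_ct_parse_mark(ct, optarg); break;
		case ARG_TIMEOUT: nl_cli_ct_parse_timeout(ct, optarg); break;
		case ARG_STATUS: nl_cli_ct_parse_status(ct, optarg); break;
		case ARG_ZONE: nl_cli_ct_parse_zone(ct, optarg); break;
		default: break;
		}
	}

	/*
	 * Echo the object as parsed before anything is sent, so the operator
	 * can compare it with what was intended.
	 */
	if (!quiet) {
		printf("Adding ");
		nl_object_dump(OBJ_CAST(ct), &params);
	}

	/*
	 * The request changes kernel connection tracking state.
	 * NOTE(review): this typically requires network-admin privilege
	 * (CAP_NET_ADMIN on Linux); confirm for the target kernel.
	 */
	sock = nl_cli_alloc_socket();
	nl_cli_connect(sock, NETLINK_NETFILTER);

	err = nfnl_ct_add(sock, ct, nlflags);
	if (err < 0)
		nl_cli_fatal(err, "Unable to add conntrack: %s", nl_geterror(err));

	/* This dumps the local object again, not a copy read back from the kernel. */
	if (!quiet) {
		printf("Added ");
		nl_object_dump(OBJ_CAST(ct), &params);
	}

	return 0;
}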