libnl 3.11.0
nf-ct-events.c
1/* SPDX-License-Identifier: LGPL-2.1-only */
2/*
3 * Copyright (c) 2018 Avast software
4 */
5
6#include "nl-default.h"
7
8#include <linux/netlink.h>
9#include <linux/netfilter/nfnetlink.h>
10#include <linux/netfilter/nfnetlink_conntrack.h>
11
12#include <netlink/cli/utils.h>
13#include <netlink/cli/ct.h>
14
16{
17 int ce_refcnt;
18 struct nl_object_ops * ce_ops;
19 struct nl_cache * ce_cache;
20 struct nl_list_head ce_list;
21 int ce_msgtype;
22 int ce_flags;
23 uint64_t ce_mask;
24};
25
26static void nf_conntrack_parse_callback(struct nl_object *obj, void *opaque)
27{
28 struct nl_dump_params params = {
29 .dp_fd = stdout,
30 .dp_type = NL_DUMP_DETAILS,
31 };
32
33 nl_object_dump(obj, &params);
34}
35
36static int nf_conntrack_event_callback(struct nl_msg *msg, void *opaque)
37{
38 int err;
39 struct nlmsghdr *hdr = nlmsg_hdr(msg);
40
41 enum cntl_msg_types type = (enum cntl_msg_types) NFNL_MSG_TYPE(hdr->nlmsg_type);
42
43 int flags = hdr->nlmsg_flags;
44
45 if (type == IPCTNL_MSG_CT_DELETE) {
46 printf("DELETE ");
47 } else if (type == IPCTNL_MSG_CT_NEW) {
48 if (flags & (NLM_F_CREATE|NLM_F_EXCL)) {
49 printf("NEW ");
50 } else {
51 printf("UPDATE ");
52 }
53 } else {
54 printf("UNKNOWN ");
55 }
56
57 if ((err = nl_msg_parse(msg, &nf_conntrack_parse_callback, opaque)) < 0) {
58 nl_cli_fatal(err, "nl_msg_parse: %s", nl_geterror(err));
59 }
60 /* Continue with next event */
61 return NL_OK;
62}
63
64int main(int argc, char *argv[])
65{
66 struct nl_sock *socket;
67 int err;
68
69 socket = nl_cli_alloc_socket();
70 if (socket == NULL) {
71 nl_cli_fatal(ENOBUFS, "Unable to allocate netlink socket");
72 }
73
74 /*
75 * Disable sequence number checking.
76 * This is required to allow messages to be processed which were not requested by
77 * a preceding request message, e.g. netlink events.
78 */
80
81 /* subscribe conntrack events */
82 nl_join_groups(socket, NF_NETLINK_CONNTRACK_NEW |
83 NF_NETLINK_CONNTRACK_UPDATE |
84 NF_NETLINK_CONNTRACK_DESTROY |
85 NF_NETLINK_CONNTRACK_EXP_NEW |
86 NF_NETLINK_CONNTRACK_EXP_UPDATE |
87 NF_NETLINK_CONNTRACK_EXP_DESTROY);
88
89 nl_cli_connect(socket, NETLINK_NETFILTER);
90
91 nl_socket_modify_cb(socket, NL_CB_VALID, NL_CB_CUSTOM, &nf_conntrack_event_callback, 0);
92
93 while (1) {
94
95 errno = 0;
96 if ((err = nl_recvmsgs_default(socket)) < 0) {
97 switch (errno) {
98 case ENOBUFS:
99 // just print warning
100 fprintf(stderr, "Lost events because of ENOBUFS\n");
101 break;
102 case EAGAIN:
103 case EINTR:
104 // continue reading
105 break;
106 default:
107 nl_cli_fatal(err, "Failed to receive: %s", nl_geterror(err));
108 }
109 }
110 }
111}
@ NL_OK
Proceed with whatever would come next.
Definition handlers.h:58
@ NL_CB_VALID
Message is valid.
Definition handlers.h:89
@ NL_CB_CUSTOM
Customized handler specified by the user.
Definition handlers.h:77
void nl_cli_fatal(int err, const char *fmt,...)
Print error message and quit application.
Definition utils.c:71
struct nlmsghdr * nlmsg_hdr(struct nl_msg *n)
Return actual netlink message.
Definition msg.c:550
void nl_object_dump(struct nl_object *obj, struct nl_dump_params *params)
Dump this object according to the specified parameters.
Definition object.c:294
int nl_recvmsgs_default(struct nl_sock *sk)
Receive a set of message from a netlink socket using handlers in nl_sock.
Definition nl.c:1093
void nl_join_groups(struct nl_sock *sk, int groups)
Join multicast groups (deprecated)
Definition socket.c:557
void nl_socket_disable_seq_check(struct nl_sock *sk)
Disable sequence number checking.
Definition socket.c:303
int nl_socket_modify_cb(struct nl_sock *sk, enum nl_cb_type type, enum nl_cb_kind kind, nl_recvmsg_msg_cb_t func, void *arg)
Modify the callback handler associated with the socket.
Definition socket.c:795
@ NL_DUMP_DETAILS
Dump all attributes but no statistics.
Definition types.h:21
Dumping parameters.
Definition types.h:32
FILE * dp_fd
File descriptor the dumping output should go to.
Definition types.h:81