/*
 * src/nf-ct-list.c     List Conntrack Entries
 *
 *	This library is free software; you can redistribute it and/or
 *	modify it under the terms of the GNU Lesser General Public
 *	License as published by the Free Software Foundation version 2.1
 *	of the License.
 *
 * Copyright (c) 2003-2009 Thomas Graf <tgraf@suug.ch>
 * Copyright (c) 2007 Philip Craig <philipc@snapgear.com>
 * Copyright (c) 2007 Secure Computing Corporation
 */
13054c80d775f2ae9b8f50260bdfcb821e99c0da2aPaul Stewart
14054c80d775f2ae9b8f50260bdfcb821e99c0da2aPaul Stewart#include <netlink/cli/utils.h>
15054c80d775f2ae9b8f50260bdfcb821e99c0da2aPaul Stewart#include <netlink/cli/ct.h>
16054c80d775f2ae9b8f50260bdfcb821e99c0da2aPaul Stewart
/* Set by -q/--quiet; when non-zero the "Adding"/"Added" notices are skipped.
 * File-scope statics start out zeroed, so no explicit initializer is needed. */
static int quiet;
18054c80d775f2ae9b8f50260bdfcb821e99c0da2aPaul Stewart
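/**
 * Print the command-line help text to stdout and terminate the process
 * with exit status 0. This function never returns to its caller.
 *
 * The text mirrors the option table in main(): --status takes an argument
 * there, and the short options -4/-6 are accepted, so both are listed here.
 */
static void print_usage(void)
{
	printf(
	"Usage: nf-ct-add [OPTION]... [CONNTRACK ENTRY]\n"
	"\n"
	"Options\n"
	" -q, --quiet           Do not print informal notifications.\n"
	" -h, --help            Show this help\n"
	" -v, --version         Show versioning information\n"
	"\n"
	"Conntrack Selection\n"
	" -p, --proto=PROTOCOL    Protocol\n"
	"     --orig-src=ADDR     Original source address\n"
	"     --orig-sport=PORT   Original source port\n"
	"     --orig-dst=ADDR     Original destination address\n"
	"     --orig-dport=PORT   Original destination port\n"
	"     --reply-src=ADDR    Reply source address\n"
	"     --reply-sport=PORT  Reply source port\n"
	"     --reply-dst=ADDR    Reply destination address\n"
	"     --reply-dport=PORT  Reply destination port\n"
	" -4                      Set address family to AF_INET\n"
	" -6                      Set address family to AF_INET6\n"
	" -F, --family=FAMILY     Address family\n"
	"     --mark=NUM          Mark value\n"
	"     --timeout=NUM       Timeout value\n"
	"     --status=STATUS     Bitset representing status of connection.\n"
	"     --zone=NUM          Zone value\n"
	);
	exit(0);
}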
47054c80d775f2ae9b8f50260bdfcb821e99c0da2aPaul Stewart
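/**
 * Build a conntrack object from the command line and ask the kernel to
 * create it over a NETLINK_NETFILTER socket.
 *
 * Every selector value (addresses, ports, mark, timeout, status, zone) is
 * taken verbatim from argv and handed to an nl_cli_ct_parse_* helper; how
 * those helpers reject malformed values is not visible in this file.
 *
 * NOTE(review): the request carries NLM_F_CREATE without NLM_F_EXCL, so an
 * already-existing matching entry is presumably updated rather than
 * rejected -- confirm against the kernel side before relying on the
 * "Added" notice as proof that a new entry was created. Talking to the
 * conntrack subsystem normally requires CAP_NET_ADMIN.
 *
 * @param argc  number of command-line arguments
 * @param argv  command-line arguments
 * @return 0 on success; option errors exit with NLE_INVAL, and a failed add
 *         is reported through nl_cli_fatal().
 */
int main(int argc, char *argv[])
{
	/* Long-only options use codes above the 8-bit character range so they
	 * cannot collide with a short option letter returned by getopt. */
	enum {
		ARG_ORIG_SRC = 257,
		ARG_ORIG_SPORT = 258,
		ARG_ORIG_DST,
		ARG_ORIG_DPORT,
		ARG_REPLY_SRC,
		ARG_REPLY_SPORT,
		ARG_REPLY_DST,
		ARG_REPLY_DPORT,
		ARG_MARK,
		ARG_TIMEOUT,
		ARG_STATUS,
		ARG_ZONE,
	};
	static struct option long_opts[] = {
		{ "quiet", 0, 0, 'q' },
		{ "help", 0, 0, 'h' },
		{ "version", 0, 0, 'v' },
		{ "proto", 1, 0, 'p' },
		{ "orig-src", 1, 0, ARG_ORIG_SRC },
		{ "orig-sport", 1, 0, ARG_ORIG_SPORT },
		{ "orig-dst", 1, 0, ARG_ORIG_DST },
		{ "orig-dport", 1, 0, ARG_ORIG_DPORT },
		{ "reply-src", 1, 0, ARG_REPLY_SRC },
		{ "reply-sport", 1, 0, ARG_REPLY_SPORT },
		{ "reply-dst", 1, 0, ARG_REPLY_DST },
		{ "reply-dport", 1, 0, ARG_REPLY_DPORT },
		{ "family", 1, 0, 'F' },
		{ "mark", 1, 0, ARG_MARK },
		{ "timeout", 1, 0, ARG_TIMEOUT },
		{ "status", 1, 0, ARG_STATUS },
		{ "zone", 1, 0, ARG_ZONE },
		{ 0, 0, 0, 0 }
	};
	struct nl_sock *sock;
	struct nfnl_ct *ct;
	struct nl_dump_params params = {
		.dp_type = NL_DUMP_LINE,
		.dp_fd = stdout,
	};
	int err, nlflags = NLM_F_CREATE;

	ct = nl_cli_ct_alloc();

	for (;;) {
		int c, optidx = 0;

		/*
		 * -q and -v are plain flags, matching their long forms in
		 * long_opts (has_arg == 0). The previous optstring declared
		 * them as "q:" and "v:", which made the short forms swallow
		 * the following argument (e.g. "-q --mark=1" lost --mark).
		 */
		c = getopt_long(argc, argv, "46qhvp:F:", long_opts, &optidx);
		if (c == -1)
			break;

		switch (c) {
		case '?': exit(NLE_INVAL);
		case 'q': quiet = 1; break;
		case '4': nfnl_ct_set_family(ct, AF_INET); break;
		case '6': nfnl_ct_set_family(ct, AF_INET6); break;
		case 'h': print_usage(); break;
		case 'v': nl_cli_print_version(); break;
		case 'p': nl_cli_ct_parse_protocol(ct, optarg); break;
		/* Second argument of the parse helpers: 0 = original
		 * direction, 1 = reply direction (per the option names). */
		case ARG_ORIG_SRC: nl_cli_ct_parse_src(ct, 0, optarg); break;
		case ARG_ORIG_SPORT: nl_cli_ct_parse_src_port(ct, 0, optarg); break;
		case ARG_ORIG_DST: nl_cli_ct_parse_dst(ct, 0, optarg); break;
		case ARG_ORIG_DPORT: nl_cli_ct_parse_dst_port(ct, 0, optarg); break;
		case ARG_REPLY_SRC: nl_cli_ct_parse_src(ct, 1, optarg); break;
		case ARG_REPLY_SPORT: nl_cli_ct_parse_src_port(ct, 1, optarg); break;
		case ARG_REPLY_DST: nl_cli_ct_parse_dst(ct, 1, optarg); break;
		case ARG_REPLY_DPORT: nl_cli_ct_parse_dst_port(ct, 1, optarg); break;
		case 'F': nl_cli_ct_parse_family(ct, optarg); break;
		case ARG_MARK: nl_cli_ct_parse_mark(ct, optarg); break;
		case ARG_TIMEOUT: nl_cli_ct_parse_timeout(ct, optarg); break;
		case ARG_STATUS: nl_cli_ct_parse_status(ct, optarg); break;
		case ARG_ZONE: nl_cli_ct_parse_zone(ct, optarg); break;
		}
	}

	/* Show the object as parsed before anything is sent to the kernel. */
	if (!quiet) {
		printf("Adding ");
		nl_object_dump(OBJ_CAST(ct), &params);
	}

	sock = nl_cli_alloc_socket();
	nl_cli_connect(sock, NETLINK_NETFILTER);

	/* NOTE(review): nl_cli_fatal() is expected not to return; if it did,
	 * the "Added" notice below would follow a failed request -- confirm. */
	if ((err = nfnl_ct_add(sock, ct, nlflags)) < 0)
		nl_cli_fatal(err, "Unable to add conntrack: %s", nl_geterror(err));

	if (!quiet) {
		printf("Added ");
		nl_object_dump(OBJ_CAST(ct), &params);
	}

	return 0;
}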