18a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <stdio.h> 28a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <stdlib.h> 38a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <unistd.h> 48a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <time.h> 58a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <arpa/inet.h> 68a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 78a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <libmnl/libmnl.h> 88a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <libnetfilter_conntrack/libnetfilter_conntrack.h> 98a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 108a44513648da0c5f5551f96b329cf56b66f5b303pkanwar#include <linux/netfilter/nf_conntrack_tcp.h> 118a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 128a44513648da0c5f5551f96b329cf56b66f5b303pkanwarint main(void) 138a44513648da0c5f5551f96b329cf56b66f5b303pkanwar{ 148a44513648da0c5f5551f96b329cf56b66f5b303pkanwar struct mnl_socket *nl; 158a44513648da0c5f5551f96b329cf56b66f5b303pkanwar struct nlmsghdr *nlh; 168a44513648da0c5f5551f96b329cf56b66f5b303pkanwar struct nfgenmsg *nfh; 178a44513648da0c5f5551f96b329cf56b66f5b303pkanwar char buf[MNL_SOCKET_BUFFER_SIZE]; 188a44513648da0c5f5551f96b329cf56b66f5b303pkanwar unsigned int seq, portid; 198a44513648da0c5f5551f96b329cf56b66f5b303pkanwar struct nf_conntrack *ct; 208a44513648da0c5f5551f96b329cf56b66f5b303pkanwar int ret; 218a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 228a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nl = mnl_socket_open(NETLINK_NETFILTER); 238a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (nl == NULL) { 248a44513648da0c5f5551f96b329cf56b66f5b303pkanwar perror("mnl_socket_open"); 258a44513648da0c5f5551f96b329cf56b66f5b303pkanwar exit(EXIT_FAILURE); 268a44513648da0c5f5551f96b329cf56b66f5b303pkanwar } 278a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 288a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (mnl_socket_bind(nl, 0, MNL_SOCKET_AUTOPID) < 0) { 298a44513648da0c5f5551f96b329cf56b66f5b303pkanwar perror("mnl_socket_bind"); 308a44513648da0c5f5551f96b329cf56b66f5b303pkanwar exit(EXIT_FAILURE); 318a44513648da0c5f5551f96b329cf56b66f5b303pkanwar } 328a44513648da0c5f5551f96b329cf56b66f5b303pkanwar portid = mnl_socket_get_portid(nl); 338a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 348a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nlh = mnl_nlmsg_put_header(buf); 358a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nlh->nlmsg_type = (NFNL_SUBSYS_CTNETLINK << 8) | IPCTNL_MSG_CT_NEW; 368a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nlh->nlmsg_flags = NLM_F_REQUEST|NLM_F_CREATE|NLM_F_EXCL|NLM_F_ACK; 378a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nlh->nlmsg_seq = seq = time(NULL); 388a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 398a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfh = mnl_nlmsg_put_extra_header(nlh, sizeof(struct nfgenmsg)); 408a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfh->nfgen_family = AF_INET; 418a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfh->version = NFNETLINK_V0; 428a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfh->res_id = 0; 438a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 448a44513648da0c5f5551f96b329cf56b66f5b303pkanwar ct = nfct_new(); 458a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (ct == NULL) { 468a44513648da0c5f5551f96b329cf56b66f5b303pkanwar perror("nfct_new"); 478a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return 0; 488a44513648da0c5f5551f96b329cf56b66f5b303pkanwar } 498a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 508a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET); 518a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u32(ct, ATTR_IPV4_SRC, inet_addr("1.1.1.1")); 528a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u32(ct, ATTR_IPV4_DST, inet_addr("2.2.2.2")); 538a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 548a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u8(ct, ATTR_L4PROTO, IPPROTO_TCP); 558a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u16(ct, ATTR_PORT_SRC, htons(20)); 568a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u16(ct, ATTR_PORT_DST, htons(10)); 578a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 588a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_setobjopt(ct, NFCT_SOPT_SETUP_REPLY); 598a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 608a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u8(ct, ATTR_TCP_STATE, TCP_CONNTRACK_SYN_SENT); 618a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_set_attr_u32(ct, ATTR_TIMEOUT, 100); 628a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 638a44513648da0c5f5551f96b329cf56b66f5b303pkanwar nfct_nlmsg_build(nlh, ct); 648a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 658a44513648da0c5f5551f96b329cf56b66f5b303pkanwar ret = mnl_socket_sendto(nl, nlh, nlh->nlmsg_len); 668a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (ret == -1) { 678a44513648da0c5f5551f96b329cf56b66f5b303pkanwar perror("mnl_socket_recvfrom"); 688a44513648da0c5f5551f96b329cf56b66f5b303pkanwar exit(EXIT_FAILURE); 698a44513648da0c5f5551f96b329cf56b66f5b303pkanwar } 708a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 718a44513648da0c5f5551f96b329cf56b66f5b303pkanwar ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); 728a44513648da0c5f5551f96b329cf56b66f5b303pkanwar while (ret > 0) { 738a44513648da0c5f5551f96b329cf56b66f5b303pkanwar ret = mnl_cb_run(buf, ret, seq, portid, NULL, NULL); 748a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (ret <= MNL_CB_STOP) 758a44513648da0c5f5551f96b329cf56b66f5b303pkanwar break; 768a44513648da0c5f5551f96b329cf56b66f5b303pkanwar ret = mnl_socket_recvfrom(nl, buf, sizeof(buf)); 778a44513648da0c5f5551f96b329cf56b66f5b303pkanwar } 788a44513648da0c5f5551f96b329cf56b66f5b303pkanwar if (ret == -1) { 798a44513648da0c5f5551f96b329cf56b66f5b303pkanwar perror("mnl_socket_recvfrom"); 808a44513648da0c5f5551f96b329cf56b66f5b303pkanwar exit(EXIT_FAILURE); 818a44513648da0c5f5551f96b329cf56b66f5b303pkanwar } 828a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 838a44513648da0c5f5551f96b329cf56b66f5b303pkanwar mnl_socket_close(nl); 848a44513648da0c5f5551f96b329cf56b66f5b303pkanwar 858a44513648da0c5f5551f96b329cf56b66f5b303pkanwar return 0; 868a44513648da0c5f5551f96b329cf56b66f5b303pkanwar} 87