1 /* SPDX-License-Identifier: LGPL-2.1-only */
2 /*
3  * src/nf-ct-events.c	  Listen on Conntrack Events
4  *
5  *	This library is free software; you can redistribute it and/or
6  *	modify it under the terms of the GNU Lesser General Public
7  *	License as published by the Free Software Foundation version 2.1
8  *	of the License.
9  *
10  * Copyright (c) 2018 Avast software
11  */
12 
13 #include <netlink/cli/utils.h>
14 #include <netlink/cli/ct.h>
15 
16 #include <linux/netlink.h>
17 #include <linux/netfilter/nfnetlink.h>
18 #include <linux/netfilter/nfnetlink_conntrack.h>
19 
20 struct private_nl_object
21 {
22 	int			ce_refcnt;
23 	struct nl_object_ops *	ce_ops;
24 	struct nl_cache *	ce_cache;
25 	struct nl_list_head	ce_list;
26 	int			ce_msgtype;
27 	int			ce_flags;
28 	uint64_t		ce_mask;
29 };
30 
nf_conntrack_parse_callback(struct nl_object * obj,void * opaque)31 static void nf_conntrack_parse_callback(struct nl_object *obj, void *opaque)
32 {
33 	struct nl_dump_params params = {
34 		.dp_fd = stdout,
35 		.dp_type = NL_DUMP_DETAILS,
36 	};
37 
38 	nl_object_dump(obj, &params);
39 }
40 
nf_conntrack_event_callback(struct nl_msg * msg,void * opaque)41 static int nf_conntrack_event_callback(struct nl_msg *msg, void *opaque)
42 {
43 	int err;
44 	struct nlmsghdr *hdr = nlmsg_hdr(msg);
45 
46 	enum cntl_msg_types type = (enum cntl_msg_types) NFNL_MSG_TYPE(hdr->nlmsg_type);
47 
48 	int flags = hdr->nlmsg_flags;
49 
50 	if (type == IPCTNL_MSG_CT_DELETE) {
51 		printf("DELETE ");
52 	} else if (type == IPCTNL_MSG_CT_NEW) {
53 		if (flags & (NLM_F_CREATE|NLM_F_EXCL)) {
54 			printf("NEW ");
55 		} else {
56 			printf("UPDATE ");
57 		}
58 	} else {
59 		printf("UNKNOWN ");
60 	}
61 
62 	if ((err = nl_msg_parse(msg, &nf_conntrack_parse_callback, opaque)) < 0) {
63 		nl_cli_fatal(err, "nl_msg_parse: %s", nl_geterror(err));
64 	}
65 	/* Continue with next event */
66 	return NL_OK;
67 }
68 
main(int argc,char * argv[])69 int main(int argc, char *argv[])
70 {
71 	struct nl_sock *socket;
72 	int err;
73 
74 	socket = nl_cli_alloc_socket();
75 	if (socket == NULL) {
76 		nl_cli_fatal(ENOBUFS, "Unable to allocate netlink socket");
77 	}
78 
79 	/*
80 	 * Disable sequence number checking.
81 	 * This is required to allow messages to be processed which were not requested by
82 	 * a preceding request message, e.g. netlink events.
83 	 */
84 	nl_socket_disable_seq_check(socket);
85 
86 	/* subscribe conntrack events */
87 	nl_join_groups(socket, NF_NETLINK_CONNTRACK_NEW |
88 												 NF_NETLINK_CONNTRACK_UPDATE |
89 												 NF_NETLINK_CONNTRACK_DESTROY |
90 												 NF_NETLINK_CONNTRACK_EXP_NEW |
91 												 NF_NETLINK_CONNTRACK_EXP_UPDATE |
92 												 NF_NETLINK_CONNTRACK_EXP_DESTROY);
93 
94 	nl_cli_connect(socket, NETLINK_NETFILTER);
95 
96 	nl_socket_modify_cb(socket, NL_CB_VALID, NL_CB_CUSTOM, &nf_conntrack_event_callback, 0);
97 
98 	while (1) {
99 
100 		errno = 0;
101 		if ((err = nl_recvmsgs_default(socket)) < 0) {
102 			switch (errno) {
103 				case 	ENOBUFS:
104 					// just print warning
105 					fprintf(stderr, "Lost events because of ENOBUFS\n");
106 					break;
107 				case EAGAIN:
108 				case EINTR:
109 					// continue reading
110 					break;
111 				default:
112 					nl_cli_fatal(err, "Failed to receive: %s", nl_geterror(err));
113 			}
114 		}
115 	}
116 }
117