#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <arpa/inet.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack_tcp.h>
/*
 * Two netlink handles to the conntrack subsystem, opened in main():
 * cth runs the dump query, ith is used from inside the dump callback to
 * issue NFCT_Q_DESTROY queries. File scope so that delete_cb() can reach ith.
 * Opening CONNTRACK handles is privileged (CAP_NET_ADMIN, presumably).
 */
struct nfct_handle *cth, *ith;
/*
 * Decide whether a dumped conntrack entry `ct` should be skipped.
 *
 * `obj` is the template built in main() (only ATTR_L3PROTO and ATTR_IPV4_SRC
 * are set on it). nfct_cmp() is called with NFCT_CMP_ALL | NFCT_CMP_MASK, so
 * `obj` acts as a mask: per the libnetfilter_conntrack documentation only the
 * attributes present in `obj` are compared against `ct`.
 *
 * Returns 1 when the entry does NOT match (filter it out), 0 when it matches.
 * Note the inverted sense relative to the name.
 *
 * NOTE(review): the name reuses the library's nfct_ prefix and the tag of
 * `struct nfct_filter`; C keeps struct tags and functions in separate
 * namespaces so it compiles, but a project-local name would be clearer.
 */
int nfct_filter(struct nf_conntrack *obj, struct nf_conntrack *ct)
{
	int equal = nfct_cmp(obj, ct, NFCT_CMP_ALL | NFCT_CMP_MASK);

	return equal ? 0 : 1;
}
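/*
 * Callback invoked once per conntrack entry returned by the
 * NFCT_Q_DUMP_FILTER query issued in main().
 *
 * type: netlink message type of the entry (unused; the entry is printed with
 *       NFCT_T_UNKNOWN so no [NEW]/[DESTROY] tag is emitted).
 * ct:   the dumped entry, owned by the library.
 * data: the template object handed to nfct_callback_register() in main().
 *
 * Entries that do not match the template are skipped. Matching entries are
 * deleted through the second handle `ith` — separate from the handle running
 * the dump, so the DESTROY query does not interleave with the dump still in
 * flight on `cth` — and then printed.
 *
 * Returns NFCT_CB_CONTINUE in every case so the dump proceeds.
 */
static int delete_cb(enum nf_conntrack_msg_type type,
		     struct nf_conntrack *ct,
		     void *data)
{
	char buf[1024];
	struct nf_conntrack *obj = data;
	int res;

	(void)type;

	if (nfct_filter(obj, ct))
		return NFCT_CB_CONTINUE;

	res = nfct_query(ith, NFCT_Q_DESTROY, ct);
	if (res < 0) {
		/* Previously "Operation failed" with no newline and no reason;
		 * a failed deletion (EPERM, ENOENT on a raced entry, ...) was
		 * easy to miss. Report the errno and use stderr. */
		fprintf(stderr, "Operation failed: %s\n", strerror(errno));
	}

	/* nfct_snprintf() returns a negative value on error, in which case
	 * buf is not meaningful and must not be printed. */
	if (nfct_snprintf(buf, sizeof(buf), ct, NFCT_T_UNKNOWN,
			  NFCT_O_DEFAULT, 0) < 0) {
		fprintf(stderr, "nfct_snprintf failed\n");
		return NFCT_CB_CONTINUE;
	}
	printf("%s\n", buf);
	return NFCT_CB_CONTINUE;
}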
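/*
 * Delete every conntrack entry whose IPv4 source address equals argv[1].
 *
 * Flow: open two conntrack handles, build a template object carrying only
 * the L3 protocol and the source address, register delete_cb() on the dump
 * handle, and run a filtered dump; the callback destroys matching entries
 * through the second handle.
 *
 * Returns EXIT_SUCCESS when the dump completed, EXIT_FAILURE on bad usage,
 * a malformed address, or any setup/query failure. (The original always
 * returned 0 and kept going after failed nfct_open()/nfct_filter_dump_create(),
 * which dereferenced NULL handles, and read argv[1] without checking argc.)
 */
int main(int argc, char *argv[])
{
	int rc = EXIT_FAILURE;
	int res;
	struct in_addr src;
	struct nfct_filter_dump *filter_dump;
	struct nf_conntrack *ct;

	if (argc < 2 || argv[1] == NULL) {
		fprintf(stderr, "usage: %s <ipv4-source-address>\n",
			argv[0] ? argv[0] : "conntrack-delete");
		return EXIT_FAILURE;
	}

	/* inet_pton() rejects malformed input. inet_addr() returned
	 * INADDR_NONE (255.255.255.255) for garbage and the program would
	 * silently go looking for entries from that address instead. */
	if (inet_pton(AF_INET, argv[1], &src) != 1) {
		fprintf(stderr, "invalid IPv4 address: %s\n", argv[1]);
		return EXIT_FAILURE;
	}

	/* Two handles: cth runs the dump, ith issues DESTROY queries from
	 * inside the dump callback. Keep them separate. */
	cth = nfct_open(CONNTRACK, 0);
	if (!cth) {
		fprintf(stderr, "Can't open handler: %s\n", strerror(errno));
		return EXIT_FAILURE;
	}
	ith = nfct_open(CONNTRACK, 0);
	if (!ith) {
		fprintf(stderr, "Can't open handler: %s\n", strerror(errno));
		goto out_cth;
	}

	/* Template object: only these two attributes are set, so with
	 * NFCT_CMP_MASK in nfct_filter() only they are compared. s_addr is
	 * already in network byte order, as ATTR_IPV4_SRC expects. */
	ct = nfct_new();
	if (!ct) {
		fprintf(stderr, "nfct_new failed: %s\n", strerror(errno));
		goto out_ith;
	}
	nfct_set_attr_u8(ct, ATTR_L3PROTO, AF_INET);
	nfct_set_attr_u32(ct, ATTR_IPV4_SRC, src.s_addr);

	if (nfct_callback_register(cth, NFCT_T_ALL, delete_cb, ct) < 0) {
		fprintf(stderr, "nfct_callback_register failed: %s\n",
			strerror(errno));
		goto out_ct;
	}

	filter_dump = nfct_filter_dump_create();
	if (filter_dump == NULL) {
		fprintf(stderr, "filter_dump is null: %s\n", strerror(errno));
		goto out_ct;
	}

	res = nfct_query(cth, NFCT_Q_DUMP_FILTER, filter_dump);
	if (res == -1) {
		fprintf(stderr, "(%d)(%s)\n", res, strerror(errno));
	} else {
		printf("(OK)(%d)\n", res);
		rc = EXIT_SUCCESS;
	}
	nfct_filter_dump_destroy(filter_dump);

	/* Release in reverse order of acquisition; each label is reached
	 * only once the corresponding resource exists. */
out_ct:
	nfct_destroy(ct);
out_ith:
	nfct_close(ith);
out_cth:
	nfct_close(cth);
	return rc;
}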
参考: