author | Florian Westphal <fw@strlen.de> | 2017-06-21 20:34:19 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-06-21 20:44:22 +0200 |
commit | 003c2b107c185fb818f082c499c77b7188c7d5f7 (patch) | |
tree | 3079e6a5a9da54abd3e8efd5e3e08513b58b5c09 | |
parent | e84b55978504a05c687dd636c1c526a99a34019e (diff) | |
download | libnetfilter_queue-003c2b107c185fb818f082c499c77b7188c7d5f7.tar.gz |
examples: set dummy connmark value to show use of NFQA_CT nested attribute
We can now get/set conntrack attributes via nfqueue; show a minimal
example that sets the connmark from userspace.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | examples/nf-queue.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/examples/nf-queue.c b/examples/nf-queue.c
index d6c4b63..c2bc6cc 100644
--- a/examples/nf-queue.c
+++ b/examples/nf-queue.c
@@ -15,6 +15,9 @@
 #include <libnetfilter_queue/libnetfilter_queue.h>
+/* only for NFQA_CT, not needed otherwise: */
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
 static struct mnl_socket *nl;
 static struct nlmsghdr *
@@ -37,10 +40,21 @@ nfq_send_verdict(int queue_num, uint32_t id)
 {
 char buf[MNL_SOCKET_BUFFER_SIZE];
 struct nlmsghdr *nlh;
+ struct nlattr *nest;
 nlh = nfq_hdr_put(buf, NFQNL_MSG_VERDICT, queue_num);
 nfq_nlmsg_verdict_put(nlh, id, NF_ACCEPT);
+ /* example to set the connmark. First, start NFQA_CT section: */
+ nest = mnl_attr_nest_start(nlh, NFQA_CT);
+
+ /* then, add the connmark attribute: */
+ mnl_attr_put_u32(nlh, CTA_MARK, htonl(42));
+ /* more conntrack attributes, e.g. CTA_LABEL, could be set here */
+
+ /* end conntrack section */
+ mnl_attr_nest_end(nlh, nest);
+
 if (mnl_socket_sendto(nl, nlh, nlh->nlmsg_len) < 0) {
 perror("mnl_socket_send");
 exit(EXIT_FAILURE); |
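Review bot: The NFQA_CT nest in the second hunk is built with the unchecked `mnl_attr_nest_start()` and `mnl_attr_put_u32()`, which take no buffer length; a single u32 fits easily in `buf[MNL_SOCKET_BUFFER_SIZE]`, but the comment that follows invites adding more attributes, and code copied from this example that appends larger or variable-length data would have no bound on what it writes into `buf`. Because this is the reference example, prefer the length-aware forms with a failure path: `nest = mnl_attr_nest_start_check(nlh, sizeof(buf), NFQA_CT);` (NULL on overflow) and `mnl_attr_put_u32_check(nlh, sizeof(buf), CTA_MARK, htonl(42))` (false on overflow). The comment also names `CTA_LABEL`, while the attribute declared in nfnetlink_conntrack.h is `CTA_LABELS`. nfq_send_verdict() begins and ends outside the hunk, so how the rest of the function handles errors is not visible here.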