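def getrealdest_ct(self, newip, newport):
    """Look up the original destination of a redirected connection in conntrack.

    Dumps the IPv4 conntrack table and searches for the entry whose
    reply-direction destination (``repl_ipv4_dst``/``repl_port_dst``) equals the
    local socket ``newip:newport``.  For that entry the original-direction
    destination (``orig_ipv4_dst``/``orig_port_dst``) is returned, which is
    presumably the address the peer was connecting to before redirection.

    Args:
        newip: IPv4 address of the local socket, in the textual form that
            ``self.ltoip`` produces (the comparison is a plain string equality).
        newport: Port of the local socket, compared as-is to ``repl_port_dst``.

    Returns:
        ``(ip, port)`` of the original destination, or ``(-1, -1)`` when the
        conntrack dump fails or no entry matches.  The scan stops at the first
        matching entry; if several entries share the same reply destination,
        later ones are never considered.

    Side effects:
        Emits debug/error records through ``self.log`` depending on
        ``self.config.debug`` (``> 1`` for trace output, ``> 0`` for the error
        and the "no socket match" record).
    """
    debug = self.config.debug
    if debug > 1:
        self.log.debug("Netfilter: BEGIN")
    try:
        # Create conntrack object; get conntrack table
        nf = Conntrack()
        table = nf.dump_table(socket.AF_INET)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit propagate; any failure of the dump itself still yields
        # the (-1, -1) sentinel.
        if debug > 0:
            self.log.error(sys.exc_info())
        return -1, -1
    if debug > 1:
        self.log.debug("Netfilter: local socket %s:%s" % (newip, newport))
    # Search conntrack table for target destination IP:port
    for entry in table:
        repl_ipv4_dst_ip = self.ltoip(entry.repl_ipv4_dst)
        if debug > 1:
            self.log.debug("Netfilter: Trying: %s:%s"
                           % (repl_ipv4_dst_ip, entry.repl_port_dst))
        if repl_ipv4_dst_ip == newip and entry.repl_port_dst == newport:
            # Only convert the original destination once a match is found.
            orig_ipv4_dst_ip = self.ltoip(entry.orig_ipv4_dst)
            if debug > 1:
                self.log.debug("Netfilter: remote socket %s:%s"
                               % (orig_ipv4_dst_ip, entry.orig_port_dst))
            return orig_ipv4_dst_ip, entry.orig_port_dst
    if debug > 0:
        self.log.debug("Netfilter: no socket match")
        self.log.debug("Netfilter: END")
    return -1, -1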
def delete_existing_conntrack_entry(ip):
    """Destroy every unmarked conntrack entry whose original destination is ``ip``.

    Walks a fresh conntrack dump; an entry is removed only when its ``mark`` is
    exactly 0 and its ``orig_ipv4_dst`` (an integer, rendered as a dotted quad
    via big-endian ``struct.pack`` + ``inet_ntoa``) equals the textual ``ip``.
    Entries with a non-zero mark are deliberately left untouched.  Each
    deletion is logged at INFO level through ``LOGGER``.

    Args:
        ip: Dotted-quad IPv4 address to match against the original destination.
    """
    ct = Conntrack()
    for flow in ct.dump_table():
        # Render the integer destination in the same textual form as ``ip``.
        orig_dst = socket.inet_ntoa(struct.pack('!I', flow.orig_ipv4_dst))
        if flow.mark != 0 or orig_dst != ip:
            continue
        LOGGER.info('delete %s' % flow)
        ct.destroy_conntrack(flow)
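def getrealdest_ct(self, newip, newport):
    """Look up the original destination of a redirected connection in conntrack.

    Dumps the IPv4 conntrack table and searches for the entry whose
    reply-direction destination (``repl_ipv4_dst``/``repl_port_dst``) equals the
    local socket ``newip:newport``.  For that entry the original-direction
    destination (``orig_ipv4_dst``/``orig_port_dst``) is returned, which is
    presumably the address the peer was connecting to before redirection.

    Args:
        newip: IPv4 address of the local socket, in the textual form that
            ``self.ltoip`` produces (the comparison is a plain string equality).
        newport: Port of the local socket, compared as-is to ``repl_port_dst``.

    Returns:
        ``(ip, port)`` of the original destination, or ``(-1, -1)`` when the
        conntrack dump fails or no entry matches.  The scan stops at the first
        matching entry; if several entries share the same reply destination,
        later ones are never considered.

    Side effects:
        Emits debug/error records through ``self.log`` depending on
        ``self.config.debug`` (``> 1`` for trace output, ``> 0`` for the error
        and the "no socket match" record).
    """
    debug = self.config.debug
    if debug > 1:
        self.log.debug("Netfilter: BEGIN")
    try:
        # Create conntrack object; get conntrack table
        nf = Conntrack()
        table = nf.dump_table(socket.AF_INET)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit propagate; any failure of the dump itself still yields
        # the (-1, -1) sentinel.
        if debug > 0:
            self.log.error(sys.exc_info())
        return -1, -1
    if debug > 1:
        self.log.debug("Netfilter: local socket %s:%s" % (newip, newport))
    # Search conntrack table for target destination IP:port
    for entry in table:
        repl_ipv4_dst_ip = self.ltoip(entry.repl_ipv4_dst)
        if debug > 1:
            self.log.debug("Netfilter: Trying: %s:%s"
                           % (repl_ipv4_dst_ip, entry.repl_port_dst))
        if repl_ipv4_dst_ip == newip and entry.repl_port_dst == newport:
            # Only convert the original destination once a match is found.
            orig_ipv4_dst_ip = self.ltoip(entry.orig_ipv4_dst)
            if debug > 1:
                self.log.debug("Netfilter: remote socket %s:%s"
                               % (orig_ipv4_dst_ip, entry.orig_port_dst))
            return orig_ipv4_dst_ip, entry.orig_port_dst
    if debug > 0:
        self.log.debug("Netfilter: no socket match")
        self.log.debug("Netfilter: END")
    return -1, -1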
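def main():
    """Dump the IPv4 conntrack table either as a plain list or as XML.

    Usage: ``<prog> list|xml`` -- the single argument must be a key of
    ``OUTPUT_FORMAT``.  The required kernel modules are verified through
    ``checkKernelModule`` before the table is read.

    Errors (usage, ``RuntimeError`` from the dump, keyboard interrupt) are
    reported on stderr and the process exits with status 1, so that stdout
    only ever carries the list/XML document and a failure is visible to the
    caller's exit-status check.
    """
    if len(sys.argv) != 2 or sys.argv[1] not in OUTPUT_FORMAT:
        print("usage: %s command" % sys.argv[0], file=sys.stderr)
        print(file=sys.stderr)
        print("command: list or xml", file=sys.stderr)
        sys.exit(1)
    mode = sys.argv[1]
    output = OUTPUT_FORMAT[mode]
    checkKernelModule('nf_conntrack', 'nf_ct_attach')
    checkKernelModule('nf_conntrack_netlink', 'ctnetlink_net_init')
    try:
        if mode == "xml":
            print('<?xml version="1.0" encoding="ISO-8859-1"?>')
            print('<flows>')
        nf = Conntrack()
        # dump_table() yields a (entries, count) pair; the count is unused.
        table, _count = nf.dump_table(AF_INET)
        for entry in table:
            print(entry.format(output))
        if mode == "xml":
            print('</flows>')
    except RuntimeError as err:
        # Keep the error out of the data stream and fail non-zero.
        print("ERROR: %s" % err, file=sys.stderr)
        sys.exit(1)
    except KeyboardInterrupt:
        print("Interrupted.", file=sys.stderr)
        sys.exit(1)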
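def main():
    """Dump the IPv4 conntrack table either as a plain list or as XML.

    Usage: ``<prog> list|xml`` -- the single argument must be a key of
    ``OUTPUT_FORMAT``.  The required kernel modules are verified through
    ``checkKernelModule`` before the table is read.

    Errors (usage, ``RuntimeError`` from the dump) are reported on stderr and
    the process exits with status 1, so that stdout only ever carries the
    list/XML document and a failure is visible to the caller's exit-status
    check.  Output goes through ``sys.stdout.write``/``sys.stderr.write``,
    which behaves the same on Python 2 and 3; the messages are unchanged.
    """
    if len(sys.argv) != 2 or sys.argv[1] not in OUTPUT_FORMAT:
        sys.stderr.write("usage: %s command\n" % sys.argv[0])
        sys.stderr.write("\n")
        sys.stderr.write("command: list or xml\n")
        sys.exit(1)
    mode = sys.argv[1]
    output = OUTPUT_FORMAT[mode]
    checkKernelModule('nf_conntrack', 'nf_ct_attach')
    checkKernelModule('nf_conntrack_netlink', 'ctnetlink_net_init')
    emit = sys.stdout.write
    try:
        if mode == "xml":
            emit('<?xml version="1.0" encoding="ISO-8859-1"?>\n')
            emit('<flows>\n')
        nf = Conntrack()
        # dump_table() yields a (entries, count) pair; the count is unused.
        table, _count = nf.dump_table(AF_INET)
        for entry in table:
            emit("%s\n" % entry.format(output))
        if mode == "xml":
            emit('</flows>\n')
    except RuntimeError as err:
        # Keep the error out of the data stream and fail non-zero.
        sys.stderr.write("ERROR: %s\n" % err)
        sys.exit(1)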
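def main():
    """Dump the IPv4 conntrack table either as a plain list or as XML.

    Usage: ``<prog> list|xml`` -- the single argument must be a key of
    ``OUTPUT_FORMAT``.  The required kernel modules are verified through
    ``checkKernelModule`` before the table is read.

    Errors (usage, ``RuntimeError`` from the dump) are reported on stderr and
    the process exits with status 1, so that stdout only ever carries the
    list/XML document and a failure is visible to the caller's exit-status
    check.  Output goes through ``sys.stdout.write``/``sys.stderr.write``,
    which behaves the same on Python 2 and 3; the messages are unchanged.
    """
    if len(sys.argv) != 2 or sys.argv[1] not in OUTPUT_FORMAT:
        sys.stderr.write("usage: %s command\n" % sys.argv[0])
        sys.stderr.write("\n")
        sys.stderr.write("command: list or xml\n")
        sys.exit(1)
    mode = sys.argv[1]
    output = OUTPUT_FORMAT[mode]
    checkKernelModule('nf_conntrack', 'nf_ct_cache')
    checkKernelModule('nf_conntrack_netlink', 'ctnetlink_init')
    emit = sys.stdout.write
    try:
        if mode == "xml":
            emit('<?xml version="1.0" encoding="ISO-8859-1"?>\n')
            emit('<flows>\n')
        nf = Conntrack()
        table = nf.dump_table(AF_INET)
        for entry in table:
            emit("%s\n" % entry.format(output))
        if mode == "xml":
            emit('</flows>\n')
    except RuntimeError as err:
        # Keep the error out of the data stream and fail non-zero.
        sys.stderr.write("ERROR: %s\n" % err)
        sys.exit(1)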