Welcome, guest | Sign In | My Account | Store | Cart
#!/usr/bin/env python
#
# Copyright (c) 2009 Andrew Grigorev <andrew@ei-grad.ru>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# 
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# 
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#


import sys
from ctypes import *
from threading import Thread


nfct = CDLL('libnetfilter_conntrack.so')
libc = CDLL('libc.so.6')


NFCT_CALLBACK = CFUNCTYPE(c_int, c_int, c_void_p, c_void_p)

# conntrack
CONNTRACK = 1
EXPECT = 2

# netlink groups
NF_NETLINK_CONNTRACK_NEW         = 0x00000001
NF_NETLINK_CONNTRACK_UPDATE      = 0x00000002
NF_NETLINK_CONNTRACK_DESTROY     = 0x00000004
NF_NETLINK_CONNTRACK_EXP_NEW     = 0x00000008
NF_NETLINK_CONNTRACK_EXP_UPDATE  = 0x00000010
NF_NETLINK_CONNTRACK_EXP_DESTROY = 0x00000020

NFCT_ALL_CT_GROUPS = (NF_NETLINK_CONNTRACK_NEW | NF_NETLINK_CONNTRACK_UPDATE \
    | NF_NETLINK_CONNTRACK_DESTROY)

# nfct_*printf output format
NFCT_O_PLAIN = 0
NFCT_O_DEFAULT = NFCT_O_PLAIN
NFCT_O_XML = 1
NFCT_O_MAX = 2

# output flags
NFCT_OF_SHOW_LAYER3_BIT = 0
NFCT_OF_SHOW_LAYER3 = (1 << NFCT_OF_SHOW_LAYER3_BIT)
NFCT_OF_TIME_BIT = 1
NFCT_OF_TIME = (1 << NFCT_OF_TIME_BIT)
NFCT_OF_ID_BIT = 2
NFCT_OF_ID = (1 << NFCT_OF_ID_BIT)

# callback return code
NFCT_CB_FAILURE = -1   # failure
NFCT_CB_STOP = 0       # stop the query
NFCT_CB_CONTINUE = 1   # keep iterating through data
NFCT_CB_STOLEN = 2     # like continue, but ct is not freed

# message type
NFCT_T_UNKNOWN = 0
NFCT_T_NEW_BIT = 0
NFCT_T_NEW = (1 << NFCT_T_NEW_BIT)
NFCT_T_UPDATE_BIT = 1
NFCT_T_UPDATE = (1 << NFCT_T_UPDATE_BIT)
NFCT_T_DESTROY_BIT = 2
NFCT_T_DESTROY = (1 << NFCT_T_DESTROY_BIT)
NFCT_T_ALL = NFCT_T_NEW | NFCT_T_UPDATE | NFCT_T_DESTROY
NFCT_T_ERROR_BIT = 31
NFCT_T_ERROR = (1 << NFCT_T_ERROR_BIT)


class ConntrackEventListener(Thread):
    def __init__(self, callback, msg_types=NFCT_T_NEW|NFCT_T_DESTROY):
        Thread.__init__(self)
        
        self.h = nfct.nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS)

        if self.h == 0:
            libc.perror("nfct_open")
            raise Exception("nfct_open failed!")
        
        buf = create_string_buffer(1024)
        self._stop = False

        def event_callback_closure(type, ct, data):
            nfct.nfct_snprintf(buf, 1024, ct, type, NFCT_O_XML, NFCT_OF_TIME)
            callback(buf.value)
            if self._stop:
                return NFCT_CB_STOP
            return NFCT_CB_CONTINUE

        self.cb = NFCT_CALLBACK(event_callback_closure)

        nfct.nfct_callback_register(self.h, msg_types, self.cb, 0)

    def run(self):
        ret = nfct.nfct_catch(self.h)
        
        nfct.nfct_callback_unregister(self.h)
        nfct.nfct_close(self.h)
        
        if ret == -1:
            libc.perror("nfct_catch")
            raise Exception("nfct_catch failed!")

    def stop(self):
        self._stop = True

__all__ = ["ConntrackEventListener", "NFCT_T_NEW", "NFCT_T_UPDATE", "NFCT_T_DESTROY", "NFCT_T_ERROR"]

if __name__ == "__main__":
    l = ConntrackEventListener(lambda x: sys.stdout.write("%s\n" % x))
    l.start()
    try:
        input()
    except:
        pass
    sys.stdout.write("Terminating (waiting for last event...)\n")
    l.stop()
    l.join()

History

  • revision 3 (12 years ago)
  • previous revisions are not available