1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.net.module.util.netlink; 18 19 import static android.system.OsConstants.IPPROTO_TCP; 20 import static android.system.OsConstants.IPPROTO_UDP; 21 22 import static com.android.net.module.util.netlink.StructNlAttr.findNextAttrOfType; 23 import static com.android.net.module.util.netlink.StructNlAttr.makeNestedType; 24 import static com.android.net.module.util.netlink.StructNlMsgHdr.NLM_F_ACK; 25 import static com.android.net.module.util.netlink.StructNlMsgHdr.NLM_F_REPLACE; 26 import static com.android.net.module.util.netlink.StructNlMsgHdr.NLM_F_REQUEST; 27 28 import static java.nio.ByteOrder.BIG_ENDIAN; 29 30 import android.system.OsConstants; 31 32 import androidx.annotation.NonNull; 33 import androidx.annotation.Nullable; 34 import androidx.annotation.VisibleForTesting; 35 36 import java.net.Inet4Address; 37 import java.net.InetAddress; 38 import java.nio.ByteBuffer; 39 import java.nio.ByteOrder; 40 import java.util.Objects; 41 42 /** 43 * A NetlinkMessage subclass for netlink conntrack messages. 44 * 45 * see also: <linux_src>/include/uapi/linux/netfilter/nfnetlink_conntrack.h 46 * 47 * @hide 48 */ 49 public class ConntrackMessage extends NetlinkMessage { 50 public static final int STRUCT_SIZE = StructNlMsgHdr.STRUCT_SIZE + StructNfGenMsg.STRUCT_SIZE; 51 52 // enum ctattr_type 53 public static final short CTA_TUPLE_ORIG = 1; 54 public static final short CTA_TUPLE_REPLY = 2; 55 public static final short CTA_STATUS = 3; 56 public static final short CTA_TIMEOUT = 7; 57 58 // enum ctattr_tuple 59 public static final short CTA_TUPLE_IP = 1; 60 public static final short CTA_TUPLE_PROTO = 2; 61 62 // enum ctattr_ip 63 public static final short CTA_IP_V4_SRC = 1; 64 public static final short CTA_IP_V4_DST = 2; 65 66 // enum ctattr_l4proto 67 public static final short CTA_PROTO_NUM = 1; 68 public static final short CTA_PROTO_SRC_PORT = 2; 69 public static final short CTA_PROTO_DST_PORT = 3; 70 71 // enum ip_conntrack_status 72 public static final int IPS_EXPECTED = 0x00000001; 73 public static final int IPS_SEEN_REPLY = 0x00000002; 74 public static final int IPS_ASSURED = 0x00000004; 75 public static final int IPS_CONFIRMED = 0x00000008; 76 public static final int IPS_SRC_NAT = 0x00000010; 77 public static final int IPS_DST_NAT = 0x00000020; 78 public static final int IPS_SEQ_ADJUST = 0x00000040; 79 public static final int IPS_SRC_NAT_DONE = 0x00000080; 80 public static final int IPS_DST_NAT_DONE = 0x00000100; 81 public static final int IPS_DYING = 0x00000200; 82 public static final int IPS_FIXED_TIMEOUT = 0x00000400; 83 public static final int IPS_TEMPLATE = 0x00000800; 84 public static final int IPS_UNTRACKED = 0x00001000; 85 public static final int IPS_HELPER = 0x00002000; 86 public static final int IPS_OFFLOAD = 0x00004000; 87 public static final int IPS_HW_OFFLOAD = 0x00008000; 88 89 // ip_conntrack_status mask 90 // Interesting on the NAT conntrack session which has already seen two direction traffic. 91 // TODO: Probably IPS_{SRC, DST}_NAT_DONE are also interesting. 92 public static final int ESTABLISHED_MASK = IPS_CONFIRMED | IPS_ASSURED | IPS_SEEN_REPLY 93 | IPS_SRC_NAT; 94 // Interesting on the established NAT conntrack session which is dying. 95 public static final int DYING_MASK = ESTABLISHED_MASK | IPS_DYING; 96 97 /** 98 * A tuple for the conntrack connection information. 99 * 100 * see also CTA_TUPLE_ORIG and CTA_TUPLE_REPLY. 101 */ 102 public static class Tuple { 103 public final Inet4Address srcIp; 104 public final Inet4Address dstIp; 105 106 // Both port and protocol number are unsigned numbers stored in signed integers, and that 107 // callers that want to compare them to integers should either cast those integers, or 108 // convert them to unsigned using Byte.toUnsignedInt() and Short.toUnsignedInt(). 109 public final short srcPort; 110 public final short dstPort; 111 public final byte protoNum; 112 Tuple(TupleIpv4 ip, TupleProto proto)113 public Tuple(TupleIpv4 ip, TupleProto proto) { 114 this.srcIp = ip.src; 115 this.dstIp = ip.dst; 116 this.srcPort = proto.srcPort; 117 this.dstPort = proto.dstPort; 118 this.protoNum = proto.protoNum; 119 } 120 121 @Override 122 @VisibleForTesting equals(Object o)123 public boolean equals(Object o) { 124 if (!(o instanceof Tuple)) return false; 125 Tuple that = (Tuple) o; 126 return Objects.equals(this.srcIp, that.srcIp) 127 && Objects.equals(this.dstIp, that.dstIp) 128 && this.srcPort == that.srcPort 129 && this.dstPort == that.dstPort 130 && this.protoNum == that.protoNum; 131 } 132 133 @Override hashCode()134 public int hashCode() { 135 return Objects.hash(srcIp, dstIp, srcPort, dstPort, protoNum); 136 } 137 138 @Override toString()139 public String toString() { 140 final String srcIpStr = (srcIp == null) ? "null" : srcIp.getHostAddress(); 141 final String dstIpStr = (dstIp == null) ? "null" : dstIp.getHostAddress(); 142 final String protoStr = NetlinkConstants.stringForProtocol(protoNum); 143 144 return "Tuple{" 145 + protoStr + ": " 146 + srcIpStr + ":" + Short.toUnsignedInt(srcPort) + " -> " 147 + dstIpStr + ":" + Short.toUnsignedInt(dstPort) 148 + "}"; 149 } 150 } 151 152 /** 153 * A tuple for the conntrack connection address. 154 * 155 * see also CTA_TUPLE_IP. 156 */ 157 public static class TupleIpv4 { 158 public final Inet4Address src; 159 public final Inet4Address dst; 160 TupleIpv4(Inet4Address src, Inet4Address dst)161 public TupleIpv4(Inet4Address src, Inet4Address dst) { 162 this.src = src; 163 this.dst = dst; 164 } 165 } 166 167 /** 168 * A tuple for the conntrack connection protocol. 169 * 170 * see also CTA_TUPLE_PROTO. 171 */ 172 public static class TupleProto { 173 public final byte protoNum; 174 public final short srcPort; 175 public final short dstPort; 176 TupleProto(byte protoNum, short srcPort, short dstPort)177 public TupleProto(byte protoNum, short srcPort, short dstPort) { 178 this.protoNum = protoNum; 179 this.srcPort = srcPort; 180 this.dstPort = dstPort; 181 } 182 } 183 184 /** 185 * Create a netlink message to refresh IPv4 conntrack entry timeout. 186 */ newIPv4TimeoutUpdateRequest( int proto, Inet4Address src, int sport, Inet4Address dst, int dport, int timeoutSec)187 public static byte[] newIPv4TimeoutUpdateRequest( 188 int proto, Inet4Address src, int sport, Inet4Address dst, int dport, int timeoutSec) { 189 // *** STYLE WARNING *** 190 // 191 // Code below this point uses extra block indentation to highlight the 192 // packing of nested tuple netlink attribute types. 193 final StructNlAttr ctaTupleOrig = new StructNlAttr(CTA_TUPLE_ORIG, 194 new StructNlAttr(CTA_TUPLE_IP, 195 new StructNlAttr(CTA_IP_V4_SRC, src), 196 new StructNlAttr(CTA_IP_V4_DST, dst)), 197 new StructNlAttr(CTA_TUPLE_PROTO, 198 new StructNlAttr(CTA_PROTO_NUM, (byte) proto), 199 new StructNlAttr(CTA_PROTO_SRC_PORT, (short) sport, BIG_ENDIAN), 200 new StructNlAttr(CTA_PROTO_DST_PORT, (short) dport, BIG_ENDIAN))); 201 202 final StructNlAttr ctaTimeout = new StructNlAttr(CTA_TIMEOUT, timeoutSec, BIG_ENDIAN); 203 204 final int payloadLength = ctaTupleOrig.getAlignedLength() + ctaTimeout.getAlignedLength(); 205 final byte[] bytes = new byte[STRUCT_SIZE + payloadLength]; 206 final ByteBuffer byteBuffer = ByteBuffer.wrap(bytes); 207 byteBuffer.order(ByteOrder.nativeOrder()); 208 209 final ConntrackMessage ctmsg = new ConntrackMessage(); 210 ctmsg.mHeader.nlmsg_len = bytes.length; 211 ctmsg.mHeader.nlmsg_type = (NetlinkConstants.NFNL_SUBSYS_CTNETLINK << 8) 212 | NetlinkConstants.IPCTNL_MSG_CT_NEW; 213 ctmsg.mHeader.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_REPLACE; 214 ctmsg.mHeader.nlmsg_seq = 1; 215 ctmsg.pack(byteBuffer); 216 217 ctaTupleOrig.pack(byteBuffer); 218 ctaTimeout.pack(byteBuffer); 219 220 return bytes; 221 } 222 223 /** 224 * Parses a netfilter conntrack message from a {@link ByteBuffer}. 225 * 226 * @param header the netlink message header. 227 * @param byteBuffer The buffer from which to parse the netfilter conntrack message. 228 * @return the parsed netfilter conntrack message, or {@code null} if the netfilter conntrack 229 * message could not be parsed successfully (for example, if it was truncated). 230 */ 231 @Nullable parse(@onNull StructNlMsgHdr header, @NonNull ByteBuffer byteBuffer)232 public static ConntrackMessage parse(@NonNull StructNlMsgHdr header, 233 @NonNull ByteBuffer byteBuffer) { 234 // Just build the netlink header and netfilter header for now and pretend the whole message 235 // was consumed. 236 // TODO: Parse the conntrack attributes. 237 final StructNfGenMsg nfGenMsg = StructNfGenMsg.parse(byteBuffer); 238 if (nfGenMsg == null) { 239 return null; 240 } 241 242 final int baseOffset = byteBuffer.position(); 243 StructNlAttr nlAttr = findNextAttrOfType(CTA_STATUS, byteBuffer); 244 int status = 0; 245 if (nlAttr != null) { 246 status = nlAttr.getValueAsBe32(0); 247 } 248 249 byteBuffer.position(baseOffset); 250 nlAttr = findNextAttrOfType(CTA_TIMEOUT, byteBuffer); 251 int timeoutSec = 0; 252 if (nlAttr != null) { 253 timeoutSec = nlAttr.getValueAsBe32(0); 254 } 255 256 byteBuffer.position(baseOffset); 257 nlAttr = findNextAttrOfType(makeNestedType(CTA_TUPLE_ORIG), byteBuffer); 258 Tuple tupleOrig = null; 259 if (nlAttr != null) { 260 tupleOrig = parseTuple(nlAttr.getValueAsByteBuffer()); 261 } 262 263 byteBuffer.position(baseOffset); 264 nlAttr = findNextAttrOfType(makeNestedType(CTA_TUPLE_REPLY), byteBuffer); 265 Tuple tupleReply = null; 266 if (nlAttr != null) { 267 tupleReply = parseTuple(nlAttr.getValueAsByteBuffer()); 268 } 269 270 // Advance to the end of the message. 271 byteBuffer.position(baseOffset); 272 final int kMinConsumed = StructNlMsgHdr.STRUCT_SIZE + StructNfGenMsg.STRUCT_SIZE; 273 final int kAdditionalSpace = NetlinkConstants.alignedLengthOf( 274 header.nlmsg_len - kMinConsumed); 275 if (byteBuffer.remaining() < kAdditionalSpace) { 276 return null; 277 } 278 byteBuffer.position(baseOffset + kAdditionalSpace); 279 280 return new ConntrackMessage(header, nfGenMsg, tupleOrig, tupleReply, status, timeoutSec); 281 } 282 283 /** 284 * Parses a conntrack tuple from a {@link ByteBuffer}. 285 * 286 * The attribute parsing is interesting on: 287 * - CTA_TUPLE_IP 288 * CTA_IP_V4_SRC 289 * CTA_IP_V4_DST 290 * - CTA_TUPLE_PROTO 291 * CTA_PROTO_NUM 292 * CTA_PROTO_SRC_PORT 293 * CTA_PROTO_DST_PORT 294 * 295 * Assume that the minimum size is the sum of CTA_TUPLE_IP (size: 20) and CTA_TUPLE_PROTO 296 * (size: 28). Here is an example for an expected CTA_TUPLE_ORIG message in raw data: 297 * +--------------------------------------------------------------------------------------+ 298 * | CTA_TUPLE_ORIG | 299 * +--------------------------+-----------------------------------------------------------+ 300 * | 1400 | nla_len = 20 | 301 * | 0180 | nla_type = nested CTA_TUPLE_IP | 302 * | 0800 0100 C0A8500C | nla_type=CTA_IP_V4_SRC, ip=192.168.80.12 | 303 * | 0800 0200 8C700874 | nla_type=CTA_IP_V4_DST, ip=140.112.8.116 | 304 * | 1C00 | nla_len = 28 | 305 * | 0280 | nla_type = nested CTA_TUPLE_PROTO | 306 * | 0500 0100 06 000000 | nla_type=CTA_PROTO_NUM, proto=IPPROTO_TCP (6) | 307 * | 0600 0200 F3F1 0000 | nla_type=CTA_PROTO_SRC_PORT, port=62449 (big endian) | 308 * | 0600 0300 01BB 0000 | nla_type=CTA_PROTO_DST_PORT, port=433 (big endian) | 309 * +--------------------------+-----------------------------------------------------------+ 310 * 311 * The position of the byte buffer doesn't set to the end when the function returns. It is okay 312 * because the caller ConntrackMessage#parse has passed a copy which is used for this parser 313 * only. Moreover, the parser behavior is the same as other existing netlink struct class 314 * parser. Ex: StructInetDiagMsg#parse. 315 */ 316 @Nullable parseTuple(@ullable ByteBuffer byteBuffer)317 private static Tuple parseTuple(@Nullable ByteBuffer byteBuffer) { 318 if (byteBuffer == null) return null; 319 320 TupleIpv4 tupleIpv4 = null; 321 TupleProto tupleProto = null; 322 323 final int baseOffset = byteBuffer.position(); 324 StructNlAttr nlAttr = findNextAttrOfType(makeNestedType(CTA_TUPLE_IP), byteBuffer); 325 if (nlAttr != null) { 326 tupleIpv4 = parseTupleIpv4(nlAttr.getValueAsByteBuffer()); 327 } 328 if (tupleIpv4 == null) return null; 329 330 byteBuffer.position(baseOffset); 331 nlAttr = findNextAttrOfType(makeNestedType(CTA_TUPLE_PROTO), byteBuffer); 332 if (nlAttr != null) { 333 tupleProto = parseTupleProto(nlAttr.getValueAsByteBuffer()); 334 } 335 if (tupleProto == null) return null; 336 337 return new Tuple(tupleIpv4, tupleProto); 338 } 339 340 @Nullable castToInet4Address(@ullable InetAddress address)341 private static Inet4Address castToInet4Address(@Nullable InetAddress address) { 342 if (address == null || !(address instanceof Inet4Address)) return null; 343 return (Inet4Address) address; 344 } 345 346 @Nullable parseTupleIpv4(@ullable ByteBuffer byteBuffer)347 private static TupleIpv4 parseTupleIpv4(@Nullable ByteBuffer byteBuffer) { 348 if (byteBuffer == null) return null; 349 350 Inet4Address src = null; 351 Inet4Address dst = null; 352 353 final int baseOffset = byteBuffer.position(); 354 StructNlAttr nlAttr = findNextAttrOfType(CTA_IP_V4_SRC, byteBuffer); 355 if (nlAttr != null) { 356 src = castToInet4Address(nlAttr.getValueAsInetAddress()); 357 } 358 if (src == null) return null; 359 360 byteBuffer.position(baseOffset); 361 nlAttr = findNextAttrOfType(CTA_IP_V4_DST, byteBuffer); 362 if (nlAttr != null) { 363 dst = castToInet4Address(nlAttr.getValueAsInetAddress()); 364 } 365 if (dst == null) return null; 366 367 return new TupleIpv4(src, dst); 368 } 369 370 @Nullable parseTupleProto(@ullable ByteBuffer byteBuffer)371 private static TupleProto parseTupleProto(@Nullable ByteBuffer byteBuffer) { 372 if (byteBuffer == null) return null; 373 374 byte protoNum = 0; 375 short srcPort = 0; 376 short dstPort = 0; 377 378 final int baseOffset = byteBuffer.position(); 379 StructNlAttr nlAttr = findNextAttrOfType(CTA_PROTO_NUM, byteBuffer); 380 if (nlAttr != null) { 381 protoNum = nlAttr.getValueAsByte((byte) 0); 382 } 383 if (!(protoNum == IPPROTO_TCP || protoNum == IPPROTO_UDP)) return null; 384 385 byteBuffer.position(baseOffset); 386 nlAttr = StructNlAttr.findNextAttrOfType(CTA_PROTO_SRC_PORT, byteBuffer); 387 if (nlAttr != null) { 388 srcPort = nlAttr.getValueAsBe16((short) 0); 389 } 390 if (srcPort == 0) return null; 391 392 byteBuffer.position(baseOffset); 393 nlAttr = StructNlAttr.findNextAttrOfType(CTA_PROTO_DST_PORT, byteBuffer); 394 if (nlAttr != null) { 395 dstPort = nlAttr.getValueAsBe16((short) 0); 396 } 397 if (dstPort == 0) return null; 398 399 return new TupleProto(protoNum, srcPort, dstPort); 400 } 401 402 /** 403 * Netfilter header. 404 */ 405 public final StructNfGenMsg nfGenMsg; 406 /** 407 * Original direction conntrack tuple. 408 * 409 * The tuple is determined by the parsed attribute value CTA_TUPLE_ORIG, or null if the 410 * tuple could not be parsed successfully (for example, if it was truncated or absent). 411 */ 412 @Nullable 413 public final Tuple tupleOrig; 414 /** 415 * Reply direction conntrack tuple. 416 * 417 * The tuple is determined by the parsed attribute value CTA_TUPLE_REPLY, or null if the 418 * tuple could not be parsed successfully (for example, if it was truncated or absent). 419 */ 420 @Nullable 421 public final Tuple tupleReply; 422 /** 423 * Connection status. A bitmask of ip_conntrack_status enum flags. 424 * 425 * The status is determined by the parsed attribute value CTA_STATUS, or 0 if the status could 426 * not be parsed successfully (for example, if it was truncated or absent). For the message 427 * from kernel, the valid status is non-zero. For the message from user space, the status may 428 * be 0 (absent). 429 */ 430 public final int status; 431 /** 432 * Conntrack timeout. 433 * 434 * The timeout is determined by the parsed attribute value CTA_TIMEOUT, or 0 if the timeout 435 * could not be parsed successfully (for example, if it was truncated or absent). For 436 * IPCTNL_MSG_CT_NEW event, the valid timeout is non-zero. For IPCTNL_MSG_CT_DELETE event, the 437 * timeout is 0 (absent). 438 */ 439 public final int timeoutSec; 440 ConntrackMessage()441 private ConntrackMessage() { 442 super(new StructNlMsgHdr()); 443 nfGenMsg = new StructNfGenMsg((byte) OsConstants.AF_INET); 444 445 // This constructor is only used by #newIPv4TimeoutUpdateRequest which doesn't use these 446 // data member for packing message. Simply fill them to null or 0. 447 tupleOrig = null; 448 tupleReply = null; 449 status = 0; 450 timeoutSec = 0; 451 } 452 ConntrackMessage(@onNull StructNlMsgHdr header, @NonNull StructNfGenMsg nfGenMsg, @Nullable Tuple tupleOrig, @Nullable Tuple tupleReply, int status, int timeoutSec)453 private ConntrackMessage(@NonNull StructNlMsgHdr header, @NonNull StructNfGenMsg nfGenMsg, 454 @Nullable Tuple tupleOrig, @Nullable Tuple tupleReply, int status, int timeoutSec) { 455 super(header); 456 this.nfGenMsg = nfGenMsg; 457 this.tupleOrig = tupleOrig; 458 this.tupleReply = tupleReply; 459 this.status = status; 460 this.timeoutSec = timeoutSec; 461 } 462 463 /** 464 * Write a netfilter message to {@link ByteBuffer}. 465 */ pack(ByteBuffer byteBuffer)466 public void pack(ByteBuffer byteBuffer) { 467 mHeader.pack(byteBuffer); 468 nfGenMsg.pack(byteBuffer); 469 } 470 getMessageType()471 public short getMessageType() { 472 return (short) (getHeader().nlmsg_type & ~(NetlinkConstants.NFNL_SUBSYS_CTNETLINK << 8)); 473 } 474 475 /** 476 * Convert an ip conntrack status to a string. 477 */ stringForIpConntrackStatus(int flags)478 public static String stringForIpConntrackStatus(int flags) { 479 final StringBuilder sb = new StringBuilder(); 480 481 if ((flags & IPS_EXPECTED) != 0) { 482 sb.append("IPS_EXPECTED"); 483 } 484 if ((flags & IPS_SEEN_REPLY) != 0) { 485 if (sb.length() > 0) sb.append("|"); 486 sb.append("IPS_SEEN_REPLY"); 487 } 488 if ((flags & IPS_ASSURED) != 0) { 489 if (sb.length() > 0) sb.append("|"); 490 sb.append("IPS_ASSURED"); 491 } 492 if ((flags & IPS_CONFIRMED) != 0) { 493 if (sb.length() > 0) sb.append("|"); 494 sb.append("IPS_CONFIRMED"); 495 } 496 if ((flags & IPS_SRC_NAT) != 0) { 497 if (sb.length() > 0) sb.append("|"); 498 sb.append("IPS_SRC_NAT"); 499 } 500 if ((flags & IPS_DST_NAT) != 0) { 501 if (sb.length() > 0) sb.append("|"); 502 sb.append("IPS_DST_NAT"); 503 } 504 if ((flags & IPS_SEQ_ADJUST) != 0) { 505 if (sb.length() > 0) sb.append("|"); 506 sb.append("IPS_SEQ_ADJUST"); 507 } 508 if ((flags & IPS_SRC_NAT_DONE) != 0) { 509 if (sb.length() > 0) sb.append("|"); 510 sb.append("IPS_SRC_NAT_DONE"); 511 } 512 if ((flags & IPS_DST_NAT_DONE) != 0) { 513 if (sb.length() > 0) sb.append("|"); 514 sb.append("IPS_DST_NAT_DONE"); 515 } 516 if ((flags & IPS_DYING) != 0) { 517 if (sb.length() > 0) sb.append("|"); 518 sb.append("IPS_DYING"); 519 } 520 if ((flags & IPS_FIXED_TIMEOUT) != 0) { 521 if (sb.length() > 0) sb.append("|"); 522 sb.append("IPS_FIXED_TIMEOUT"); 523 } 524 if ((flags & IPS_TEMPLATE) != 0) { 525 if (sb.length() > 0) sb.append("|"); 526 sb.append("IPS_TEMPLATE"); 527 } 528 if ((flags & IPS_UNTRACKED) != 0) { 529 if (sb.length() > 0) sb.append("|"); 530 sb.append("IPS_UNTRACKED"); 531 } 532 if ((flags & IPS_HELPER) != 0) { 533 if (sb.length() > 0) sb.append("|"); 534 sb.append("IPS_HELPER"); 535 } 536 if ((flags & IPS_OFFLOAD) != 0) { 537 if (sb.length() > 0) sb.append("|"); 538 sb.append("IPS_OFFLOAD"); 539 } 540 if ((flags & IPS_HW_OFFLOAD) != 0) { 541 if (sb.length() > 0) sb.append("|"); 542 sb.append("IPS_HW_OFFLOAD"); 543 } 544 return sb.toString(); 545 } 546 547 @Override toString()548 public String toString() { 549 return "ConntrackMessage{" 550 + "nlmsghdr{" 551 + (mHeader == null ? "" : mHeader.toString(OsConstants.NETLINK_NETFILTER)) 552 + "}, " 553 + "nfgenmsg{" + nfGenMsg + "}, " 554 + "tuple_orig{" + tupleOrig + "}, " 555 + "tuple_reply{" + tupleReply + "}, " 556 + "status{" + status + "(" + stringForIpConntrackStatus(status) + ")" + "}, " 557 + "timeout_sec{" + Integer.toUnsignedLong(timeoutSec) + "}" 558 + "}"; 559 } 560 } 561