netfilter
firewalling, NAT, and packet mangling for linux
Kernel-space filtering for events

Functions

struct nfct_filter * nfct_filter_create (void)
 nfct_filter_create - create a filter

void nfct_filter_destroy (struct nfct_filter *filter)
 nfct_filter_destroy - destroy a filter

void nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value)
 nfct_filter_add_attr - add a filter attribute of the filter object

void nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, u_int32_t value)
 nfct_filter_add_attr_u32 - add a u32 filter attribute of the filter object

int nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic)
 nfct_filter_set_logic - set the filter logic for an attribute type

int nfct_filter_attach (int fd, struct nfct_filter *filter)
 nfct_filter_attach - attach a filter to a socket descriptor

int nfct_filter_detach (int fd)
 nfct_filter_detach - detach an existing filter


Detailed Description

Function Documentation

void nfct_filter_add_attr ( struct nfct_filter *  filter,
const enum nfct_filter_attr  type,
const void *  value
)

nfct_filter_add_attr - add a filter attribute of the filter object

Parameters
filter  filter object that we want to modify
type    filter attribute type
value   pointer to the value of the filter attribute

Limitations: You can add up to 127 IPv4 addresses and masks for NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4.

References filter_attr_array, NFCT_FILTER_MAX, NULL, type, unlikely, and value.

Referenced by main(), and nfct_filter_add_attr_u32().

void nfct_filter_add_attr_u32 ( struct nfct_filter *  filter,
const enum nfct_filter_attr  type,
u_int32_t  value
)

nfct_filter_add_attr_u32 - add a u32 filter attribute of the filter object

Parameters
filter  filter object that we want to modify
type    filter attribute type
value   value of the filter attribute using unsigned int (32 bits).

Limitations: You can add up to 255 protocols which is a reasonable limit.

References nfct_filter_add_attr().

Referenced by main().

int nfct_filter_attach ( int  fd,
struct nfct_filter *  filter
)

nfct_filter_attach - attach a filter to a socket descriptor

Parameters
fd      socket descriptor
filter  filter that we want to attach to the socket

This function returns -1 on error and sets errno appropriately. If the function returns EINVAL, you have probably found a bug in it. Please report this.

References __setup_netlink_socket_filter(), and NULL.

Referenced by main(), and nl_init_event_handler().

struct nfct_filter* nfct_filter_create ( void  )

nfct_filter_create - create a filter

This function returns a valid pointer on success, otherwise NULL is returned and errno is appropriately set.

Referenced by main().

void nfct_filter_destroy ( struct nfct_filter *  filter)

nfct_filter_destroy - destroy a filter

Parameters
filter  filter that we want to destroy

This function releases the memory that is used by the filter object. However, please note that this function does not detach an already attached filter.

References NULL.

Referenced by main(), and nl_init_event_handler().

int nfct_filter_detach ( int  fd)

nfct_filter_detach - detach an existing filter

Parameters
fd  socket descriptor

This function returns -1 on error and sets errno appropriately.

int nfct_filter_set_logic ( struct nfct_filter *  filter,
const enum nfct_filter_attr  type,
const enum nfct_filter_logic  logic
)

nfct_filter_set_logic - set the filter logic for an attribute type

Parameters
filter  filter object that we want to modify
type    filter attribute type
logic   filter logic that we want to use

You can only use this function once to set the filtering logic for one attribute. You can define two logics: NFCT_FILTER_LOGIC_POSITIVE, which accepts events that match the filter, and NFCT_FILTER_LOGIC_NEGATIVE, which rejects events that match the filter. The default filtering logic is NFCT_FILTER_LOGIC_POSITIVE.

On error, it returns -1 and errno is appropriately set. On success, it returns 0.

References nfct_filter::logic, NFCT_FILTER_MAX, type, and unlikely.

Referenced by main().
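
The accept/reject logic and the limits documented above, as an added user-space model in C; it is not code from libnetfilter_conntrack, and every `m_*` / `M_*` name is hypothetical. It assumes that an address matches when `(event & mask) == (addr & mask)` and that an event must pass every attribute type that has entries.

```c
#include <stddef.h>
#include <stdint.h>
/* Model only: every name here is hypothetical, not libnetfilter_conntrack's. */
enum m_logic { M_UNSET = 0, M_POSITIVE, M_NEGATIVE };
enum m_type { M_L4PROTO, M_SRC_IPV4, M_TYPES };
#define M_MAX_ADDR 127   /* documented limit: IPv4 address/mask pairs per type */
#define M_MAX_PROTO 255  /* documented limit: protocols */

struct m_filter {
    enum m_logic logic[M_TYPES];   /* M_UNSET behaves as POSITIVE (the default) */
    uint32_t proto[M_MAX_PROTO];
    struct { uint32_t addr, mask; } src[M_MAX_ADDR];   /* host byte order */
    size_t nproto, nsrc;
};

/* Logic can be set once per attribute type; a second call returns -1. */
int m_set_logic(struct m_filter *f, enum m_type t, enum m_logic l)
{
    if (t >= M_TYPES || l == M_UNSET || f->logic[t] != M_UNSET) return -1;
    f->logic[t] = l;
    return 0;
}

/* The documented adders return void; the model returns -1 at the limit. */
int m_add_proto(struct m_filter *f, uint32_t proto)
{
    if (f->nproto >= M_MAX_PROTO) return -1;
    f->proto[f->nproto++] = proto;
    return 0;
}

int m_add_src(struct m_filter *f, uint32_t addr, uint32_t mask)
{
    if (f->nsrc >= M_MAX_ADDR) return -1;
    f->src[f->nsrc].addr = addr & mask;
    f->src[f->nsrc++].mask = mask;
    return 0;
}

/* 1 = delivered, 0 = dropped: match under NEGATIVE, or no match under POSITIVE. */
int m_accept(const struct m_filter *f, uint32_t src, uint32_t proto)
{
    int hit = 0;
    for (size_t i = 0; i < f->nproto; i++) hit |= (f->proto[i] == proto);
    if (f->nproto && hit == (f->logic[M_L4PROTO] == M_NEGATIVE)) return 0;
    hit = 0;
    for (size_t i = 0; i < f->nsrc; i++) hit |= ((src & f->src[i].mask) == f->src[i].addr);
    if (f->nsrc && hit == (f->logic[M_SRC_IPV4] == M_NEGATIVE)) return 0;
    return 1;
}
```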
