 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
Functions | |
| struct nfct_filter * | nfct_filter_create (void) |
| nfct_filter_create - create a filter More... | |
| void | nfct_filter_destroy (struct nfct_filter *filter) |
| nfct_filter_destroy - destroy a filter More... | |
| void | nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value) |
| nfct_filter_add_attr - add a filter attribute of the filter object More... | |
| void | nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, u_int32_t value) |
| nfct_filter_add_attr_u32 - add an u32 filter attribute of the filter object More... | |
| int | nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic) |
| nfct_filter_set_logic - set the filter logic for an attribute type More... | |
| int | nfct_filter_attach (int fd, struct nfct_filter *filter) |
| nfct_filter_attach - attach a filter to a socket descriptor More... | |
| int | nfct_filter_detach (int fd) |
| nfct_filter_detach - detach an existing filter More... | |
| void nfct_filter_add_attr | ( | struct nfct_filter * | filter, |
| const enum nfct_filter_attr | type, | ||
| const void * | value | ||
| ) |
nfct_filter_add_attr - add a filter attribute of the filter object
| filter | filter object that we want to modify |
| type | filter attribute type |
| value | pointer to the value of the filter attribute |
Limitations: You can add up to 127 IPv4 addresses and masks for NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4.
References filter_attr_array, NFCT_FILTER_MAX, NULL, type, unlikely, and value.
Referenced by main(), and nfct_filter_add_attr_u32().
| void nfct_filter_add_attr_u32 | ( | struct nfct_filter * | filter, |
| const enum nfct_filter_attr | type, | ||
| u_int32_t | value | ||
| ) |
nfct_filter_add_attr_u32 - add an u32 filter attribute of the filter object
| filter | filter object that we want to modify |
| type | filter attribute type |
| value | value of the filter attribute using unsigned int (32 bits). |
Limitations: You can add up to 255 protocols which is a reasonable limit.
References nfct_filter_add_attr().
Referenced by main().
| int nfct_filter_attach | ( | int | fd, |
| struct nfct_filter * | filter | ||
| ) |
nfct_filter_attach - attach a filter to a socket descriptor
| fd | socket descriptor |
| filter | filter that we want to attach to the socket |
This function returns -1 on error and set errno appropriately. If the function returns EINVAL probably you have found a bug in it. Please, report this.
References __setup_netlink_socket_filter(), and NULL.
Referenced by main(), and nl_init_event_handler().
| struct nfct_filter* nfct_filter_create | ( | void | ) |
nfct_filter_create - create a filter
This function returns a valid pointer on success, otherwise NULL is returned and errno is appropriately set.
Referenced by main().
| void nfct_filter_destroy | ( | struct nfct_filter * | filter | ) |
nfct_filter_destroy - destroy a filter
| filter | filter that we want to destroy |
This function releases the memory that is used by the filter object. However, please note that this function does not detach an already attached filter.
References NULL.
Referenced by main(), and nl_init_event_handler().
| int nfct_filter_detach | ( | int | fd | ) |
nfct_filter_detach - detach an existing filter
| fd | socket descriptor |
This function returns -1 on error and set errno appropriately.
| int nfct_filter_set_logic | ( | struct nfct_filter * | filter, |
| const enum nfct_filter_attr | type, | ||
| const enum nfct_filter_logic | logic | ||
| ) |
nfct_filter_set_logic - set the filter logic for an attribute type
| filter | filter object that we want to modify |
| type | filter attribute type |
| logic | filter logic that we want to use |
You can only use this function once to set the filtering logic for one attribute. You can define two logics: NFCT_FILTER_LOGIC_POSITIVE that accept events that match the filter, and NFCT_FILTER_LOGIC_NEGATIVE that rejects events that match the filter. Default filtering logic is NFCT_FILTER_LOGIC_POSITIVE.
On error, it returns -1 and errno is appropriately set. On success, it returns 0.
References nfct_filter::logic, NFCT_FILTER_MAX, type, and unlikely.
Referenced by main().
1.8.8