 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
Macros | |
| #define | NFNLMSG_CT_TYPE(type) NFNLMSG_TYPE(NFNL_SUBSYS_CTNETLINK, (type)) |
Functions | |
| struct nf_conntrack * | nfct_new (void) |
| nfct_conntrack_new - allocate a new conntrack More... | |
| void | nfct_destroy (struct nf_conntrack *ct) |
| nf_conntrack_destroy - release a conntrack object More... | |
| size_t | nfct_sizeof (const struct nf_conntrack *ct) |
| nf_sizeof - return the size in bytes of a certain conntrack object More... | |
| size_t | nfct_maxsize (void) |
| nfct_maxsize - return the maximum size in bytes of a conntrack object More... | |
| struct nf_conntrack * | nfct_clone (const struct nf_conntrack *ct) |
| nfct_clone - clone a conntrack object More... | |
| int | nfct_setobjopt (struct nf_conntrack *ct, unsigned int option) |
| nfct_setobjopt - set a certain option for a conntrack object More... | |
| int | nfct_getobjopt (const struct nf_conntrack *ct, unsigned int option) |
| nfct_getobjopt - get a certain option for a conntrack object More... | |
| void | nfct_set_attr_l (struct nf_conntrack *ct, const enum nf_conntrack_attr type, const void *value, size_t len) |
| nfct_set_attr_l - set the value of a certain conntrack attribute More... | |
| void | nfct_set_attr (struct nf_conntrack *ct, const enum nf_conntrack_attr type, const void *value) |
| nfct_set_attr - set the value of a certain conntrack attribute More... | |
| void | nfct_set_attr_u8 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, u_int8_t value) |
| nfct_set_attr_u8 - set the value of a certain conntrack attribute More... | |
| void | nfct_set_attr_u16 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, u_int16_t value) |
| nfct_set_attr_u16 - set the value of a certain conntrack attribute More... | |
| void | nfct_set_attr_u32 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, u_int32_t value) |
| nfct_set_attr_u32 - set the value of a certain conntrack attribute More... | |
| void | nfct_set_attr_u64 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, u_int64_t value) |
| nfct_set_attr_u64 - set the value of a certain conntrack attribute More... | |
| const void * | nfct_get_attr (const struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_get_attr - get a conntrack attribute More... | |
| u_int8_t | nfct_get_attr_u8 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_get_attr_u8 - get attribute of unsigned 8-bits long More... | |
| u_int16_t | nfct_get_attr_u16 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_get_attr_u16 - get attribute of unsigned 16-bits long More... | |
| u_int32_t | nfct_get_attr_u32 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_get_attr_u32 - get attribute of unsigned 32-bits long More... | |
| u_int64_t | nfct_get_attr_u64 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_get_attr_u64 - get attribute of unsigned 32-bits long More... | |
| int | nfct_attr_is_set (const struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_attr_is_set - check if a certain attribute is set More... | |
| int | nfct_attr_is_set_array (const struct nf_conntrack *ct, const enum nf_conntrack_attr *type_array, int size) |
| nfct_attr_is_set_array - check if an array of attribute types is set More... | |
| int | nfct_attr_unset (struct nf_conntrack *ct, const enum nf_conntrack_attr type) |
| nfct_attr_unset - unset a certain attribute More... | |
| void | nfct_set_attr_grp (struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type, const void *data) |
| nfct_set_attr_grp - set a group of attributes More... | |
| int | nfct_get_attr_grp (const struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type, void *data) |
| nfct_get_attr_grp - get an attribute group More... | |
| int | nfct_attr_grp_is_set (const struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type) |
| nfct_attr_grp_is_set - check if an attribute group is set More... | |
| int | nfct_attr_grp_unset (struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type) |
| nfct_attr_grp_unset - unset an attribute group More... | |
| int | nfct_snprintf (char *buf, unsigned int size, const struct nf_conntrack *ct, unsigned int msg_type, unsigned int out_type, unsigned int flags) |
| nfct_snprintf - print a conntrack object to a buffer More... | |
| int | nfct_snprintf_labels (char *buf, unsigned int size, const struct nf_conntrack *ct, unsigned int msg_type, unsigned int out_type, unsigned int flags, struct nfct_labelmap *map) |
| nfct_snprintf_labels - print a bitmask object to a buffer including labels More... | |
| int | nfct_compare (const struct nf_conntrack *ct1, const struct nf_conntrack *ct2) |
| nfct_compare - compare two conntrack objects More... | |
| int | nfct_cmp (const struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) |
| nfct_cmp - compare two conntrack objects More... | |
| void | nfct_copy (struct nf_conntrack *ct1, const struct nf_conntrack *ct2, unsigned int flags) |
| nfct_copy - copy part of one source object to another More... | |
| void | nfct_copy_attr (struct nf_conntrack *ct1, const struct nf_conntrack *ct2, const enum nf_conntrack_attr type) |
| nfct_copy_attr - copy an attribute of one source object to another More... | |
| int | nfnlmsg_ct_group (struct nlmsghdr *nlh) |
| int | nfnlmsg_ct_parse (struct nlmsghdr *nlh, struct nfnl_ct **result) |
| int | nfnl_ct_dump_request (struct nl_sock *sk) |
| int | nfnl_ct_build_add_request (const struct nfnl_ct *ct, int flags, struct nl_msg **result) |
| int | nfnl_ct_add (struct nl_sock *sk, const struct nfnl_ct *ct, int flags) |
| int | nfnl_ct_build_delete_request (const struct nfnl_ct *ct, int flags, struct nl_msg **result) |
| int | nfnl_ct_del (struct nl_sock *sk, const struct nfnl_ct *ct, int flags) |
| int | nfnl_ct_build_query_request (const struct nfnl_ct *ct, int flags, struct nl_msg **result) |
| int | nfnl_ct_query (struct nl_sock *sk, const struct nfnl_ct *ct, int flags) |
Cache Management | |
| int | nfnl_ct_alloc_cache (struct nl_sock *sk, struct nl_cache **result) |
| Build a conntrack cache holding all conntrack currently in the kernel. More... | |
| #define NFNLMSG_CT_TYPE | ( | type | ) | NFNLMSG_TYPE(NFNL_SUBSYS_CTNETLINK, (type)) |
| int nfct_attr_grp_is_set | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr_grp | type | ||
| ) |
nfct_attr_grp_is_set - check if an attribute group is set
| ct | pointer to a valid conntrack object |
| type | attribute group (see ATTR_GRP_*) |
If the attribute group is set, this function returns 1, otherwise 0.
References __NFCT_BITSET, ATTR_GRP_MAX, attr_grp_bitmask::bitmask, nf_conntrack::head, NFCT_BITMASK_AND, NFCT_BITMASK_OR, NULL, nfct_tuple_head::set, and unlikely.
Referenced by ct2msg(), and exp2msg().
| int nfct_attr_grp_unset | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr_grp | type | ||
| ) |
nfct_attr_grp_unset - unset an attribute group
| ct | pointer to a valid conntrack object |
| type | attribute group (see ATTR_GRP_*) |
On error, it returns -1 and errno is appropriately set. On success, this function returns 0.
References __NFCT_BITSET, ATTR_GRP_MAX, attr_grp_bitmask::bitmask, nf_conntrack::head, NULL, nfct_tuple_head::set, and unlikely.
| int nfct_attr_is_set | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_attr_is_set - check if a certain attribute is set
| ct | pointer to a valid conntrack object |
| type | attribute type |
On error, -1 is returned and errno is set appropiately, otherwise the value of the attribute is returned.
References ATTR_MAX, nf_conntrack::head, NULL, nfct_tuple_head::set, and unlikely.
Referenced by cb_tcp_destroy(), ct2msg(), nl_create_conntrack(), and nl_update_conntrack().
| int nfct_attr_is_set_array | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr * | type_array, | ||
| int | size | ||
| ) |
nfct_attr_is_set_array - check if an array of attribute types is set
| ct | pointer to a valid conntrack object |
| array | attribute type array |
| size | size of the array |
On error, -1 is returned and errno is set appropiately, otherwise the value of the attribute is returned.
References ATTR_MAX, nf_conntrack::head, NULL, nfct_tuple_head::set, size, and unlikely.
Referenced by ct2msg().
| int nfct_attr_unset | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_attr_unset - unset a certain attribute
| type | attribute type |
| ct | pointer to a valid conntrack object |
On error, -1 is returned and errno is set appropiately, otherwise 0 is returned.
References ATTR_MAX, nf_conntrack::head, NULL, nfct_tuple_head::set, and unlikely.
Referenced by nl_update_conntrack().
| struct nf_conntrack* nfct_clone | ( | const struct nf_conntrack * | ct | ) |
nfct_clone - clone a conntrack object
| ct | pointer to a valid conntrack object |
On error, NULL is returned and errno is appropiately set. Otherwise, a valid pointer to the clone conntrack is returned.
References nfct_copy(), NFCT_CP_OVERRIDE, nfct_new(), and NULL.
Referenced by nl_create_conntrack(), and nl_update_conntrack().
| int nfct_cmp | ( | const struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct2, | ||
| unsigned int | flags | ||
| ) |
nfct_cmp - compare two conntrack objects
| ct1 | pointer to a valid conntrack object |
| ct2 | pointer to a valid conntrack object |
| flags | flags |
This function only compare attribute set in both objects, by default the comparison is not strict, ie. if a certain attribute is not set in one of the objects, then such attribute is not used in the comparison. If you want more strict comparisons, you can use the appropriate flags to modify this behaviour (see NFCT_CMP_STRICT and NFCT_CMP_MASK).
The available flags are:
- NFCT_CMP_STRICT: the compared objects must have the same attributes and the same values, otherwise it returns that the objects are different. - NFCT_CMP_MASK: the first object is used as mask, this means that if an attribute is present in ct1 but not in ct2, this function returns that the objects are different. - NFCT_CMP_ALL: full comparison of both objects - NFCT_CMP_ORIG: it only compares the source and destination address; source and destination ports; the layer 3 and 4 protocol numbers of the original direction; and the id (if present). - NFCT_CMP_REPL: like NFCT_CMP_REPL but it compares the flow information that goes in the reply direction. - NFCT_CMP_TIMEOUT_EQ: timeout(ct1) == timeout(ct2) - NFCT_CMP_TIMEOUT_GT: timeout(ct1) > timeout(ct2) - NFCT_CMP_TIMEOUT_LT: timeout(ct1) < timeout(ct2) - NFCT_CMP_TIMEOUT_GE: timeout(ct1) >= timeout(ct2) - NFCT_CMP_TIMEOUT_LE: timeout(ct1) <= timeout(ct2)
The status bits comparison is status(ct1) & status(ct2) == status(ct1).
If both conntrack object are equal, this function returns 1, otherwise 0 is returned.
References __compare(), and NULL.
| int nfct_compare | ( | const struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct2 | ||
| ) |
nfct_compare - compare two conntrack objects
| ct1 | pointer to a valid conntrack object |
| ct2 | pointer to a valid conntrack object |
This function only compare attribute set in both objects, ie. if a certain attribute is not set in ct1 but it is in ct2, then the value of such attribute is not used in the comparison.
If both conntrack object are equal, this function returns 1, otherwise 0 is returned.
NOTICE: The use nfct_cmp is preferred.
References __compare(), NFCT_CMP_ALL, and NULL.
| void nfct_copy | ( | struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct2, | ||
| unsigned int | flags | ||
| ) |
nfct_copy - copy part of one source object to another
| ct1 | destination object |
| ct2 | source object |
| flags | flags |
This function copies one part of the source object to the target. It behaves like clone but:
1) You have to pass an already allocated space for the target object 2) You can copy only a part of the source object to the target
The current supported flags are:
NFCT_CP_OVERRIDE: changes the default behaviour of nfct_copy() since it overrides the destination object. After the copy, the destination is a clone of the origin. This flag provides faster copying.
References __copy_fast(), __CP_ORIG_MAX, __CP_REPL_MAX, ATTR_ICMP_CODE, ATTR_ICMP_ID, ATTR_ICMP_TYPE, ATTR_MAX, ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_DST, ATTR_ORIG_IPV6_SRC, ATTR_ORIG_L3PROTO, ATTR_ORIG_L4PROTO, ATTR_ORIG_PORT_DST, ATTR_ORIG_PORT_SRC, ATTR_REPL_IPV4_DST, ATTR_REPL_IPV4_SRC, ATTR_REPL_IPV6_DST, ATTR_REPL_IPV6_SRC, ATTR_REPL_L3PROTO, ATTR_REPL_L4PROTO, ATTR_REPL_PORT_DST, ATTR_REPL_PORT_SRC, ATTR_TCP_STATE, copy_attr_array, nf_conntrack::head, NFCT_CP_ALL, NFCT_CP_META, NFCT_CP_ORIG, NFCT_CP_OVERRIDE, NFCT_CP_REPL, NULL, and nfct_tuple_head::set.
Referenced by nfct_clone(), and nl_get_conntrack().
| void nfct_copy_attr | ( | struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct2, | ||
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_copy_attr - copy an attribute of one source object to another
| ct1 | destination object |
| ct2 | source object |
| flags | flags |
This function copies one attribute (if present) to another object.
References copy_attr_array, nf_conntrack::head, nfct_tuple_head::set, and type.
Referenced by main().
| void nfct_destroy | ( | struct nf_conntrack * | ct | ) |
nf_conntrack_destroy - release a conntrack object
| ct | pointer to the conntrack object |
References nf_conntrack::connlabels, nf_conntrack::connlabels_mask, nf_conntrack::helper_info, nfct_bitmask_destroy(), NULL, and nf_conntrack::secctx.
Referenced by __callback(), cb_icmp_destroy(), cb_icmp_new(), cb_icmp_update(), cb_tcp_close(), cb_tcp_close_wait(), cb_tcp_destroy(), cb_tcp_established(), cb_tcp_fin_wait(), cb_tcp_new(), cb_tcp_syn_recv(), cb_udp_destroy(), cb_udp_new(), cb_udp_update(), cthelper_expect_init(), debug_nfct_cb(), main(), msg2exp(), nl_create_conntrack(), nl_get_conntrack(), and nl_update_conntrack().
| const void* nfct_get_attr | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_get_attr - get a conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
In case of success a valid pointer to the attribute requested is returned, on error NULL is returned and errno is set appropiately.
References ATTR_MAX, ct, get_attr_array, nf_conntrack::head, NULL, nfct_tuple_head::set, type, and unlikely.
Referenced by main(), nfct_get_attr_u16(), nfct_get_attr_u32(), nfct_get_attr_u64(), and nfct_get_attr_u8().
| int nfct_get_attr_grp | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr_grp | type, | ||
| void * | data | ||
| ) |
nfct_get_attr_grp - get an attribute group
| ct | pointer to a valid conntrack object |
| type | attribute group (see ATTR_GRP_*) |
| data | pointer to struct (see struct nfct_attr_grp_*) |
On error, it returns -1 and errno is appropriately set. On success, the data pointer contains the attribute group.
References __NFCT_BITSET, ATTR_GRP_MAX, attr_grp_bitmask::bitmask, ct, data, get_attr_grp_array, nf_conntrack::head, NFCT_BITMASK_AND, NFCT_BITMASK_OR, NULL, nfct_tuple_head::set, type, and unlikely.
Referenced by cthelper_get_addr_dst(), cthelper_get_addr_src(), and main().
| u_int16_t nfct_get_attr_u16 | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_get_attr_u16 - get attribute of unsigned 16-bits long
| ct | pointer to a valid conntrack |
| type | attribute type |
Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.
References nfct_get_attr(), and NULL.
Referenced by assert_port(), cthelper_get_port_dst(), and cthelper_get_port_src().
| u_int32_t nfct_get_attr_u32 | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_get_attr_u32 - get attribute of unsigned 32-bits long
| ct | pointer to a valid conntrack |
| type | attribute type |
Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.
References nfct_get_attr(), and NULL.
Referenced by assert_inaddr(), author_destroy(), author_new(), author_update(), cb_tcp_close(), cb_tcp_close_wait(), cb_tcp_destroy(), cb_tcp_established(), cb_tcp_fin_wait(), nl_create_conntrack(), nl_update_conntrack(), and update_traffic_stats().
| u_int64_t nfct_get_attr_u64 | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_get_attr_u64 - get attribute of unsigned 32-bits long
| ct | pointer to a valid conntrack |
| type | attribute type |
Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.
References nfct_get_attr(), and NULL.
| u_int8_t nfct_get_attr_u8 | ( | const struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type | ||
| ) |
nfct_get_attr_u8 - get attribute of unsigned 8-bits long
| ct | pointer to a valid conntrack |
| type | attribute type |
Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.
References nfct_get_attr(), and NULL.
Referenced by assert_proto(), assert_typecode(), cb_tcp_close(), cb_tcp_close_wait(), cb_tcp_established(), cb_tcp_fin_wait(), cb_tcp_new(), cb_tcp_syn_recv(), ct2msg(), cthelper_expect_init(), exp2msg(), nl_create_conntrack(), and nl_update_conntrack().
| int nfct_getobjopt | ( | const struct nf_conntrack * | ct, |
| unsigned int | option | ||
| ) |
nfct_getobjopt - get a certain option for a conntrack object
| ct | conntrack object |
| option | option parameter |
In case of error, -1 is returned and errno is appropiately set. On success, 0 is returned.
References __getobjopt(), NFCT_GOPT_MAX, NULL, and unlikely.
Referenced by ct2msg().
| size_t nfct_maxsize | ( | void | ) |
nfct_maxsize - return the maximum size in bytes of a conntrack object
Use this function if you want to allocate a conntrack object in the stack instead of the heap. For example:
char buf[nfct_maxsize()];
struct nf_conntrack *ct = (struct nf_conntrack *) buf;
memset(ct, 0, nfct_maxsize());
Note: As for now this function returns the same size that nfct_sizeof(ct) does although this could change in the future. Therefore, do not assume that nfct_sizeof(ct) == nfct_maxsize().
This function is DEPRECATED, don't use it in your code.
| struct nf_conntrack* nfct_new | ( | void | ) |
nfct_conntrack_new - allocate a new conntrack
In case of success, this function returns a valid pointer to a memory blob, otherwise NULL is returned and errno is set appropiately.
Referenced by __callback(), author_destroy(), author_new(), author_update(), cthelper_expect_init(), debug_nfct_cb(), main(), msg2exp(), nfct_clone(), and nl_get_conntrack().
| void nfct_set_attr | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type, | ||
| const void * | value | ||
| ) |
nfct_set_attr - set the value of a certain conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
| value | pointer to the attribute value |
Note that certain attributes are unsettable:
ATTR_SECCTX
References nfct_set_attr_l().
Referenced by cthelper_expect_init(), and main().
| void nfct_set_attr_grp | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr_grp | type, | ||
| const void * | data | ||
| ) |
nfct_set_attr_grp - set a group of attributes
| ct | pointer to a valid conntrack object |
| type | attribute group (see ATTR_GRP_*) |
| data | pointer to struct (see struct nfct_attr_grp_*) |
Note that calling this function for ATTR_GRP_COUNTER_* and ATTR_GRP_ADDR_* have no effect.
References __NFCT_BITSET, ATTR_GRP_MAX, attr_grp_bitmask::bitmask, ct, data, NULL, set_attr_grp_array, type, and unlikely.
Referenced by main().
| void nfct_set_attr_l | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type, | ||
| const void * | value, | ||
| size_t | len | ||
| ) |
nfct_set_attr_l - set the value of a certain conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
| pointer | to attribute value |
| length | of attribute value (in bytes) |
References ATTR_MAX, ct, len, NULL, set_attr_array, type, unlikely, and value.
Referenced by main(), nfct_set_attr(), nfct_set_attr_u16(), nfct_set_attr_u32(), nfct_set_attr_u64(), and nfct_set_attr_u8().
| void nfct_set_attr_u16 | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type, | ||
| u_int16_t | value | ||
| ) |
nfct_set_attr_u16 - set the value of a certain conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
| value | unsigned 16 bits attribute value |
References nfct_set_attr_l().
Referenced by cthelper_expect_init(), and main().
| void nfct_set_attr_u32 | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type, | ||
| u_int32_t | value | ||
| ) |
nfct_set_attr_u32 - set the value of a certain conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
| value | unsigned 32 bits attribute value |
References nfct_set_attr_l().
Referenced by cthelper_expect_init(), main(), nl_create_conntrack(), and nl_update_conntrack().
| void nfct_set_attr_u64 | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type, | ||
| u_int64_t | value | ||
| ) |
nfct_set_attr_u64 - set the value of a certain conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
| value | unsigned 64 bits attribute value |
References nfct_set_attr_l().
| void nfct_set_attr_u8 | ( | struct nf_conntrack * | ct, |
| const enum nf_conntrack_attr | type, | ||
| u_int8_t | value | ||
| ) |
nfct_set_attr_u8 - set the value of a certain conntrack attribute
| ct | pointer to a valid conntrack |
| type | attribute type |
| value | unsigned 8 bits attribute value |
References nfct_set_attr_l().
Referenced by cthelper_expect_init(), main(), nl_create_conntrack(), and nl_update_conntrack().
| int nfct_setobjopt | ( | struct nf_conntrack * | ct, |
| unsigned int | option | ||
| ) |
nfct_setobjopt - set a certain option for a conntrack object
| ct | conntrack object |
| option | option parameter |
In case of error, -1 is returned and errno is appropiately set. On success, 0 is returned.
References __setobjopt(), NFCT_SOPT_MAX, NULL, and unlikely.
Referenced by main(), and nl_create_conntrack().
| size_t nfct_sizeof | ( | const struct nf_conntrack * | ct | ) |
nf_sizeof - return the size in bytes of a certain conntrack object
| ct | pointer to the conntrack object |
This function is DEPRECATED, don't use it in your code.
References NULL.
| int nfct_snprintf | ( | char * | buf, |
| unsigned int | size, | ||
| const struct nf_conntrack * | ct, | ||
| unsigned int | msg_type, | ||
| unsigned int | out_type, | ||
| unsigned int | flags | ||
| ) |
nfct_snprintf - print a conntrack object to a buffer
| buf | buffer used to build the printable conntrack |
| size | size of the buffer |
| ct | pointer to a valid conntrack object |
| message_type | print message type (NFCT_T_UNKNOWN, NFCT_T_NEW,...) |
| output_type | print type (NFCT_O_DEFAULT, NFCT_O_XML, ...) |
| flags | extra flags for the output type (NFCT_OF_LAYER3) |
If you are listening to events, probably you want to display the message type as well. In that case, set the message type parameter to any of the known existing types, ie. NFCT_T_NEW, NFCT_T_UPDATE, NFCT_T_DESTROY. If you pass NFCT_T_UNKNOWN, the message type will not be output.
Currently, the output available are:
The output flags are:
To use NFCT_OF_TIMESTAMP, you have to:
* $ echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp
This requires a Linux kernel >= 2.6.38.
Note that NFCT_OF_TIME displays the current time when nfct_snprintf() has been called. Thus, it can be used to know when a flow was destroy if you print the message just after you receive the destroy event. If you want more accurate timestamping, use NFCT_OF_TIMESTAMP.
This function returns the size of the information that would have been written to the buffer, even if there was no room for it. Thus, the behaviour is similar to snprintf.
References __snprintf_conntrack(), and NULL.
Referenced by debug_nfct_cb(), and dlog_ct().
| int nfct_snprintf_labels | ( | char * | buf, |
| unsigned int | size, | ||
| const struct nf_conntrack * | ct, | ||
| unsigned int | msg_type, | ||
| unsigned int | out_type, | ||
| unsigned int | flags, | ||
| struct nfct_labelmap * | map | ||
| ) |
nfct_snprintf_labels - print a bitmask object to a buffer including labels
| buf | buffer used to build the printable conntrack |
| size | size of the buffer |
| ct | pointer to a valid conntrack object |
| message_type | print message type (NFCT_T_UNKNOWN, NFCT_T_NEW,...) |
| output_type | print type (NFCT_O_DEFAULT, NFCT_O_XML, ...) |
| flags | extra flags for the output type (NFCT_OF_LAYER3) |
| map | nfct_labelmap describing the connlabel translation, or NULL. |
When map is NULL, the function is equal to nfct_snprintf(). Otherwise, if the conntrack object has a connlabel attribute, the active labels are translated using the label map and added to the buffer.
References __snprintf_conntrack().
References nfnl_ct_build_add_request(), nl_send_auto_complete(), and nlmsg_free().
Build a conntrack cache holding all conntrack currently in the kernel.
Allocates a new cache, initializes it properly and updates it to contain all conntracks currently in the kernel.
References nl_cache_alloc_and_fill().
Referenced by nl_cli_ct_alloc_cache().
References IPCTNL_MSG_CT_NEW.
Referenced by nfnl_ct_add().
References IPCTNL_MSG_CT_DELETE.
Referenced by nfnl_ct_del().
References IPCTNL_MSG_CT_GET.
Referenced by nfnl_ct_query().
References nfnl_ct_build_delete_request(), nl_send_auto_complete(), and nlmsg_free().
References IPCTNL_MSG_CT_GET, nfnl_send_simple(), NFNL_SUBSYS_CTNETLINK, and NLM_F_DUMP.
References nfnl_ct_build_query_request(), nl_send_auto_complete(), and nlmsg_free().
References IPCTNL_MSG_CT_DELETE, IPCTNL_MSG_CT_NEW, NFNLGRP_CONNTRACK_DESTROY, NFNLGRP_CONNTRACK_NEW, NFNLGRP_CONNTRACK_UPDATE, NFNLGRP_NONE, nfnlmsg_subtype(), NLM_F_CREATE, NLM_F_EXCL, and nlmsghdr::nlmsg_flags.
References ct, CTA_COUNTERS_ORIG, CTA_COUNTERS_REPLY, CTA_ID, CTA_MARK, CTA_MAX, CTA_PROTOINFO, CTA_STATUS, CTA_TIMEOUT, CTA_TUPLE_ORIG, CTA_TUPLE_REPLY, CTA_USE, nfnl_ct_alloc(), nfnl_ct_put(), nfnl_ct_set_family(), nfnl_ct_set_id(), nfnl_ct_set_mark(), nfnl_ct_set_status(), nfnl_ct_set_timeout(), nfnl_ct_set_use(), nfnlmsg_family(), nla_get_u32(), NLE_NOMEM, nlmsg_parse(), and nlmsghdr::nlmsg_type.
1.8.8