netfilter
firewalling, NAT, and packet mangling for linux
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Modules Pages
Macros | Functions
nf_tables
Netfilter Netlink
Collaboration diagram for nf_tables:

Macros

#define NFNLMSG_NFT_TYPE(type)   NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
 
#define NFNLMSG_NFT_TYPE(type)   NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
 
#define NFNLMSG_NFT_TYPE(type)   NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
 
#define NFNLMSG_NFT_TYPE(type)   NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
 
#define NFNLMSG_NFT_TYPE(type)   NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
 

Functions

int nfnlmsg_nft_chain_parse (struct nlmsghdr *nlh, struct nfnl_nft_chain **result)
 
int nfnl_nft_chain_dump_request (struct nl_sock *h)
 
int nfnl_nft_chain_build_add_request (struct nfnl_nft_chain *chain, int flags, struct nl_msg **result)
 
int nfnl_nft_chain_add (struct nl_sock *h, struct nfnl_nft_chain *chain, int flags)
 
int nfnl_nft_chain_build_delete_request (struct nfnl_nft_chain *chain, int flags, struct nl_msg **result)
 
int nfnl_nft_chain_delete (struct nl_sock *h, struct nfnl_nft_chain *chain, int flags)
 
int nfnl_nft_chain_build_query_request (struct nfnl_nft_chain *chain, int flags, struct nl_msg **result)
 
int nfnl_nft_chain_query (struct nl_sock *h, struct nfnl_nft_chain *chain, int flags)
 
int nfnl_nft_expr_parse (struct nlattr *nla, struct nfnl_nft_expr **res)
 
int nfnl_nft_expr_build_message (struct nl_msg *msg, struct nfnl_nft_expr *expr)
 
int nfnlmsg_nft_rule_parse (struct nlmsghdr *nlh, struct nfnl_nft_rule **result)
 
int nfnl_nft_rule_dump_request (struct nl_sock *h)
 
int nfnl_nft_rule_build_add_request (struct nfnl_nft_rule *rule, int flags, struct nl_msg **result)
 
int nfnl_nft_rule_add (struct nl_sock *h, struct nfnl_nft_rule *rule, int flags)
 
int nfnl_nft_rule_build_delete_request (struct nfnl_nft_rule *rule, int flags, struct nl_msg **result)
 
int nfnl_nft_rule_delete (struct nl_sock *h, struct nfnl_nft_rule *rule, int flags)
 
int nfnl_nft_rule_build_query_request (struct nfnl_nft_rule *rule, int flags, struct nl_msg **result)
 
int nfnl_nft_rule_query (struct nl_sock *h, struct nfnl_nft_rule *rule, int flags)
 
int nfnlmsg_nft_set_parse (struct nlmsghdr *nlh, struct nfnl_nft_set **result)
 
int nfnl_nft_set_dump_request (struct nl_sock *h, int family, const char *table)
 
int nfnl_nft_set_build_add_request (struct nfnl_nft_set *set, int flags, struct nl_msg **result)
 
int nfnl_nft_set_add (struct nl_sock *h, struct nfnl_nft_set *set, int flags)
 
int nfnl_nft_set_build_delete_request (struct nfnl_nft_set *set, int flags, struct nl_msg **result)
 
int nfnl_nft_set_delete (struct nl_sock *h, struct nfnl_nft_set *set, int flags)
 
int nfnl_nft_set_build_query_request (struct nfnl_nft_set *set, int flags, struct nl_msg **result)
 
int nfnl_nft_set_query (struct nl_sock *h, struct nfnl_nft_set *set, int flags)
 
int nfnl_nft_setelem_dump_request (struct nl_sock *h, struct nfnl_nft_set *set)
 
int nfnl_nft_setelem_add (struct nl_sock *h, struct nfnl_nft_set *set, struct nl_cache *elements, int flags)
 
int nfnl_nft_setelem_build_delete_request (struct nfnl_nft_set *set, int flags, struct nl_msg **result)
 
int nfnl_nft_setelem_delete (struct nl_sock *h, struct nfnl_nft_set *set, struct nl_cache *elements, int flags)
 
int nfnl_nft_setelem_build_query_request (struct nfnl_nft_set *set, int flags, struct nl_msg **result)
 
int nfnl_nft_setelem_query (struct nl_sock *h, struct nfnl_nft_set *set, int flags)
 
int nfnlmsg_nft_table_parse (struct nlmsghdr *nlh, struct nfnl_nft_table **result)
 
int nfnl_nft_table_dump_request (struct nl_sock *h)
 
int nfnl_nft_table_build_add_request (struct nfnl_nft_table *table, int flags, struct nl_msg **result)
 
int nfnl_nft_table_add (struct nl_sock *h, struct nfnl_nft_table *table, int flags)
 
int nfnl_nft_table_build_delete_request (struct nfnl_nft_table *table, int flags, struct nl_msg **result)
 
int nfnl_nft_table_delete (struct nl_sock *h, struct nfnl_nft_table *table, int flags)
 
int nfnl_nft_table_build_query_request (struct nfnl_nft_table *table, int flags, struct nl_msg **result)
 
int nfnl_nft_table_query (struct nl_sock *h, struct nfnl_nft_table *table, int flags)
 

Cache Management

int nfnl_nft_chain_alloc_cache (struct nl_sock *sock, struct nl_cache **result)
 Build a conntrack cache holding all nf_tables chains currently in the kernel. More...
 

Cache Management

int nfnl_nft_rule_alloc_cache (struct nl_sock *sock, struct nl_cache **result)
 Build a rule cache holding all nf_tables rules currently in the kernel. More...
 

Cache Management

int nfnl_nft_set_alloc_cache (struct nl_sock *sock, int family, const char *table, struct nl_cache **result)
 Build a set cache holding all nf_tables sets currently in the kernel. More...
 

Cache Management

int nfnl_nft_setelem_alloc_cache (struct nl_sock *sock, struct nfnl_nft_set *set, struct nl_cache **result)
 Build a set cache holding all nf_tables sets currently in the kernel. More...
 

Cache Management

int nfnl_nft_table_alloc_cache (struct nl_sock *sock, struct nl_cache **result)
 Build a conntrack cache holding all nf_tables tables currently in the kernel. More...
 

Detailed Description

Macro Definition Documentation

#define NFNLMSG_NFT_TYPE (   type)    NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
#define NFNLMSG_NFT_TYPE (   type)    NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
#define NFNLMSG_NFT_TYPE (   type)    NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
#define NFNLMSG_NFT_TYPE (   type)    NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))
#define NFNLMSG_NFT_TYPE (   type)    NFNLMSG_TYPE(NFNL_SUBSYS_NFTABLES, (type))

Function Documentation

int nfnl_nft_chain_add ( struct nl_sock h,
struct nfnl_nft_chain chain,
int  flags 
)

References nfnl_nft_chain_build_add_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_chain_alloc_cache ( struct nl_sock sock,
struct nl_cache **  result 
)

Build a conntrack cache holding all nf_tables chains currently in the kernel.

  • sock netlink sock

Allocates a new cache, initializes it properly and updates it to contain all chains currently in the kernel.

Note
The caller is responsible for destroying and freeing the cache after using it.
Returns
The cache or NULL if an error has occured.

References nl_cache_alloc(), nl_cache_refill(), and NLE_NOMEM.

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_chain_build_add_request ( struct nfnl_nft_chain chain,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_NEWCHAIN, and NLM_F_CREATE.

Referenced by nfnl_nft_chain_add().

Here is the caller graph for this function:

int nfnl_nft_chain_build_delete_request ( struct nfnl_nft_chain chain,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_DELCHAIN.

Referenced by nfnl_nft_chain_delete().

Here is the caller graph for this function:

int nfnl_nft_chain_build_query_request ( struct nfnl_nft_chain chain,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_GETCHAIN.

Referenced by nfnl_nft_chain_query().

Here is the caller graph for this function:

int nfnl_nft_chain_delete ( struct nl_sock h,
struct nfnl_nft_chain chain,
int  flags 
)

References nfnl_nft_chain_build_delete_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_chain_dump_request ( struct nl_sock h)

References nfnl_send_simple(), NFNL_SUBSYS_NFTABLES, NFT_MSG_GETCHAIN, and NLM_F_DUMP.

Here is the call graph for this function:

int nfnl_nft_chain_query ( struct nl_sock h,
struct nfnl_nft_chain chain,
int  flags 
)

References nfnl_nft_chain_build_query_request(), nl_send_auto_complete(), and nlmsg_free().

Here is the call graph for this function:

int nfnl_nft_expr_build_message ( struct nl_msg msg,
struct nfnl_nft_expr expr 
)

References nft_expr_ops::eo_get_opts, nft_expr_ops::eo_name, nfnl_nft_expr::expr_ops, NFTA_EXPR_DATA, NFTA_EXPR_NAME, nla_nest_end(), nla_nest_start(), nla_put_string(), and NULL.

Here is the call graph for this function:

int nfnl_nft_expr_parse ( struct nlattr nla,
struct nfnl_nft_expr **  res 
)

References nft_expr_ops::eo_maxattr, nft_expr_ops::eo_msg_parser, nft_expr_ops::eo_policy, nfnl_nft_expr_alloc(), nft_expr_lookup_ops(), NFTA_EXPR_DATA, NFTA_EXPR_MAX, NFTA_EXPR_NAME, nla_parse_nested(), NLE_INVAL, NLE_NOMEM, NLE_OBJ_NOTFOUND, NULL, and tb.

Referenced by nfnlmsg_nft_rule_parse().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_rule_add ( struct nl_sock h,
struct nfnl_nft_rule rule,
int  flags 
)

References nfnl_nft_rule_build_add_request(), nl_send_auto_complete(), NLM_F_CREATE, and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_rule_alloc_cache ( struct nl_sock sock,
struct nl_cache **  result 
)

Build a rule cache holding all nf_tables rules currently in the kernel.

  • sock netlink sock

Allocates a new cache, initializes it properly and updates it to contain all rules currently in the kernel.

Note
The caller is responsible for destroying and freeing the cache after using it.
Returns
The cache or NULL if an error has occured.

References nl_cache_alloc(), nl_cache_refill(), and NLE_NOMEM.

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_rule_build_add_request ( struct nfnl_nft_rule rule,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_NEWRULE.

Referenced by nfnl_nft_rule_add().

Here is the caller graph for this function:

int nfnl_nft_rule_build_delete_request ( struct nfnl_nft_rule rule,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_DELRULE.

Referenced by nfnl_nft_rule_delete(), and nfnl_nft_rule_query().

Here is the caller graph for this function:

int nfnl_nft_rule_build_query_request ( struct nfnl_nft_rule rule,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_GETRULE.

int nfnl_nft_rule_delete ( struct nl_sock h,
struct nfnl_nft_rule rule,
int  flags 
)

References nfnl_nft_rule_build_delete_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_rule_dump_request ( struct nl_sock h)

References nfnl_send_simple(), NFNL_SUBSYS_NFTABLES, NFT_MSG_GETRULE, and NLM_F_DUMP.

Here is the call graph for this function:

int nfnl_nft_rule_query ( struct nl_sock h,
struct nfnl_nft_rule rule,
int  flags 
)

References nfnl_nft_rule_build_delete_request(), nl_send_auto_complete(), and nlmsg_free().

Here is the call graph for this function:

int nfnl_nft_set_add ( struct nl_sock h,
struct nfnl_nft_set set,
int  flags 
)

References nfnl_nft_set_build_add_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_set_alloc_cache ( struct nl_sock sock,
int  family,
const char *  table,
struct nl_cache **  result 
)

Build a set cache holding all nf_tables sets currently in the kernel.

  • sock netlink sock
  • family address family
  • table table
  • result

Allocates a new cache, initializes it properly and updates it to contain all sets currently in the specified table.

Note
The caller is responsible for destroying and freeing the cache after using it.
Returns
The cache or NULL if an error has occured.

References nl_cache::c_iarg1, nl_cache::c_iarg2, nl_cache_alloc(), nl_cache_refill(), and NLE_NOMEM.

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_set_build_add_request ( struct nfnl_nft_set set,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_NEWSET, and NLM_F_CREATE.

Referenced by nfnl_nft_set_add().

Here is the caller graph for this function:

int nfnl_nft_set_build_delete_request ( struct nfnl_nft_set set,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_DELSET.

Referenced by nfnl_nft_set_delete().

Here is the caller graph for this function:

int nfnl_nft_set_build_query_request ( struct nfnl_nft_set set,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_GETSET.

Referenced by nfnl_nft_set_query(), and nfnl_nft_setelem_query().

Here is the caller graph for this function:

int nfnl_nft_set_delete ( struct nl_sock h,
struct nfnl_nft_set set,
int  flags 
)

References nfnl_nft_set_build_delete_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_set_dump_request ( struct nl_sock h,
int  family,
const char *  table 
)

References NFNL_SUBSYS_NFTABLES, nfnlmsg_put(), NFT_MSG_GETSET, NFTA_SET_TABLE, nl_send_auto_complete(), NLA_PUT_STRING, NLE_MSGSIZE, NLE_NOMEM, NLM_F_DUMP, nlmsg_alloc(), nlmsg_free(), and NULL.

Here is the call graph for this function:

int nfnl_nft_set_query ( struct nl_sock h,
struct nfnl_nft_set set,
int  flags 
)

References nfnl_nft_set_build_query_request(), nl_send_auto_complete(), and nlmsg_free().

Here is the call graph for this function:

int nfnl_nft_setelem_add ( struct nl_sock h,
struct nfnl_nft_set set,
struct nl_cache elements,
int  flags 
)

References NFT_MSG_NEWSETELEM, and NLM_F_CREATE.

int nfnl_nft_setelem_alloc_cache ( struct nl_sock sock,
struct nfnl_nft_set set,
struct nl_cache **  result 
)

Build a set cache holding all nf_tables sets currently in the kernel.

  • sock netlink sock
  • set nftables set
  • result

Allocates a new cache, initializes it properly and updates it to contain all elements currently in the specified set.

Note
The caller is responsible for destroying and freeing the cache after using it.
Returns
The cache or NULL if an error has occured.

References nl_cache::c_iarg1, nl_cache_alloc(), nl_cache_refill(), and NLE_NOMEM.

Here is the call graph for this function:

int nfnl_nft_setelem_build_delete_request ( struct nfnl_nft_set set,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_DELSETELEM, and NULL.

int nfnl_nft_setelem_build_query_request ( struct nfnl_nft_set set,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_GETSETELEM, and NULL.

int nfnl_nft_setelem_delete ( struct nl_sock h,
struct nfnl_nft_set set,
struct nl_cache elements,
int  flags 
)

References NFT_MSG_DELSETELEM.

int nfnl_nft_setelem_dump_request ( struct nl_sock h,
struct nfnl_nft_set set 
)

References nfnl_nft_set_get_name(), nfnl_nft_set_get_table(), nfnl_nft_set_test_name(), nfnl_nft_set_test_table(), NFNL_SUBSYS_NFTABLES, nfnlmsg_put(), NFT_MSG_GETSETELEM, NFTA_SET_ELEM_LIST_SET, NFTA_SET_ELEM_LIST_TABLE, nl_send_auto_complete(), NLA_PUT_STRING, NLE_MSGSIZE, NLE_NOMEM, NLM_F_DUMP, nlmsg_alloc(), nlmsg_free(), NULL, and nfnl_nft_set::set_family.

Here is the call graph for this function:

int nfnl_nft_setelem_query ( struct nl_sock h,
struct nfnl_nft_set set,
int  flags 
)

References nfnl_nft_set_build_query_request(), nl_send_auto_complete(), and nlmsg_free().

Here is the call graph for this function:

int nfnl_nft_table_add ( struct nl_sock h,
struct nfnl_nft_table table,
int  flags 
)

References nfnl_nft_table_build_add_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_table_alloc_cache ( struct nl_sock sock,
struct nl_cache **  result 
)

Build a conntrack cache holding all nf_tables tables currently in the kernel.

  • sock netlink sock

Allocates a new cache, initializes it properly and updates it to contain all tables currently in the kernel.

Note
The caller is responsible for destroying and freeing the cache after using it.
Returns
The cache or NULL if an error has occured.

References nl_cache_alloc(), nl_cache_refill(), and NLE_NOMEM.

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_table_build_add_request ( struct nfnl_nft_table table,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_NEWTABLE, and NLM_F_CREATE.

Referenced by nfnl_nft_table_add().

Here is the caller graph for this function:

int nfnl_nft_table_build_delete_request ( struct nfnl_nft_table table,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_DELTABLE.

Referenced by nfnl_nft_table_delete().

Here is the caller graph for this function:

int nfnl_nft_table_build_query_request ( struct nfnl_nft_table table,
int  flags,
struct nl_msg **  result 
)

References NFT_MSG_GETTABLE.

Referenced by nfnl_nft_table_query().

Here is the caller graph for this function:

int nfnl_nft_table_delete ( struct nl_sock h,
struct nfnl_nft_table table,
int  flags 
)

References nfnl_nft_table_build_delete_request(), nl_send_auto_complete(), and nlmsg_free().

Referenced by main().

Here is the call graph for this function:

Here is the caller graph for this function:

int nfnl_nft_table_dump_request ( struct nl_sock h)

References nfnl_send_simple(), NFNL_SUBSYS_NFTABLES, NFT_MSG_GETTABLE, and NLM_F_DUMP.

Here is the call graph for this function:

int nfnl_nft_table_query ( struct nl_sock h,
struct nfnl_nft_table table,
int  flags 
)

References nfnl_nft_table_build_query_request(), nl_send_auto_complete(), and nlmsg_free().

Here is the call graph for this function:

int nfnlmsg_nft_chain_parse ( struct nlmsghdr nlh,
struct nfnl_nft_chain **  result 
)

References nfnl_nft_chain_alloc(), nfnl_nft_chain_put(), nfnl_nft_chain_set_family(), nfnl_nft_chain_set_handle(), nfnl_nft_chain_set_hooknum(), nfnl_nft_chain_set_name(), nfnl_nft_chain_set_priority(), nfnl_nft_chain_set_table(), nfnlmsg_family(), NFTA_CHAIN_HANDLE, NFTA_CHAIN_HOOK, NFTA_CHAIN_MAX, NFTA_CHAIN_NAME, NFTA_CHAIN_TABLE, NFTA_HOOK_HOOKNUM, NFTA_HOOK_MAX, NFTA_HOOK_PRIORITY, nla_data(), nla_get_u32(), nla_get_u64(), nla_len(), nla_parse_nested(), NLE_NOMEM, nlmsg_parse(), nlmsghdr::nlmsg_type, and tb.

Here is the call graph for this function:

int nfnlmsg_nft_rule_parse ( struct nlmsghdr nlh,
struct nfnl_nft_rule **  result 
)

References nfnl_nft_expr::expr_list, nfnl_nft_expr_parse(), nfnl_nft_rule_alloc(), nfnl_nft_rule_put(), nfnl_nft_rule_set_chain(), nfnl_nft_rule_set_family(), nfnl_nft_rule_set_handle(), nfnl_nft_rule_set_table(), nfnlmsg_family(), NFTA_LIST_ELEM, NFTA_RULE_CHAIN, NFTA_RULE_EXPRESSIONS, NFTA_RULE_HANDLE, NFTA_RULE_MAX, NFTA_RULE_TABLE, nla_data(), nla_for_each_nested, nla_get_u64(), nla_len(), nla_type(), NLE_NOMEM, nlmsg_parse(), nlmsghdr::nlmsg_type, nfnl_nft_rule::rule_expressions, and tb.

Here is the call graph for this function:

int nfnlmsg_nft_set_parse ( struct nlmsghdr nlh,
struct nfnl_nft_set **  result 
)

References nfnl_nft_set_alloc(), nfnl_nft_set_put(), nfnl_nft_set_set_datalen(), nfnl_nft_set_set_datatype(), nfnl_nft_set_set_family(), nfnl_nft_set_set_flags(), nfnl_nft_set_set_keylen(), nfnl_nft_set_set_keytype(), nfnl_nft_set_set_name(), nfnl_nft_set_set_table(), nfnlmsg_family(), NFTA_SET_DATA_LEN, NFTA_SET_DATA_TYPE, NFTA_SET_FLAGS, NFTA_SET_KEY_LEN, NFTA_SET_KEY_TYPE, NFTA_SET_MAX, NFTA_SET_NAME, NFTA_SET_TABLE, nla_data(), nla_get_u32(), nla_len(), NLE_NOMEM, nlmsg_parse(), nlmsghdr::nlmsg_type, NULL, and tb.

Here is the call graph for this function:

int nfnlmsg_nft_table_parse ( struct nlmsghdr nlh,
struct nfnl_nft_table **  result 
)

References nfnl_nft_table_alloc(), nfnl_nft_table_put(), nfnl_nft_table_set_family(), nfnl_nft_table_set_name(), nfnlmsg_family(), NFTA_TABLE_MAX, NFTA_TABLE_NAME, nla_data(), nla_len(), NLE_NOMEM, nlmsg_parse(), nlmsghdr::nlmsg_type, and tb.

Here is the call graph for this function: