netfilter
firewalling, NAT, and packet mangling for linux
Low level object to Netlink message

Data Structures

struct sockaddr_nl
 Netlink socket address.
 

Functions

int nfct_build_conntrack (struct nfnl_subsys_handle *ssh, void *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_conntrack *ct)
 nfct_build_conntrack - build a netlink message from a conntrack object

int nfct_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
 nfct_build_query - build a query in netlink message format for ctnetlink

int nfct_parse_conntrack (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_conntrack *ct)
 nfct_parse_conntrack - translate a netlink message to a conntrack object

int nfexp_build_expect (struct nfnl_subsys_handle *ssh, void *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_expect *exp)
 nfexp_build_expect - build a netlink message from a conntrack object

int nfexp_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
 nfexp_build_query - build a query in netlink message format for ctnetlink

int nfexp_parse_expect (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_expect *exp)
 nfexp_parse_expect - translate a netlink message to a conntrack object

Function Documentation

int nfct_build_conntrack (struct nfnl_subsys_handle *ssh, void *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_conntrack *ct)

nfct_build_conntrack - build a netlink message from a conntrack object

Parameters

  • ssh: nfnetlink subsystem handler
  • req: buffer used to build the netlink message
  • size: size of the buffer passed
  • type: netlink message type
  • flags: netlink flags
  • ct: pointer to a conntrack object

This is a low-level function for callers that need to stay close to the netlink details via libnfnetlink. If you want to avoid the netlink details, we suggest you use nfct_query.

On error, -1 is returned and errno is set appropriately. On success, 0 is returned.

References __build_conntrack(), and NULL.

int nfct_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)

nfct_build_query - build a query in netlink message format for ctnetlink

Parameters

  • ssh: nfnetlink subsystem handler
  • qt: query type
  • data: data required to build the query
  • req (named buffer in the prototype): buffer to build the netlink message
  • size: size of the buffer passed

This is a low-level function. Use it if you need to work with the netlink details via libnfnetlink; otherwise we suggest you use nfct_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types:

  • NFCT_Q_CREATE: add a new conntrack, if it exists, fail
  • NFCT_Q_CREATE_UPDATE: add a new conntrack, if it exists, update it
  • NFCT_Q_UPDATE: update a conntrack
  • NFCT_Q_DESTROY: destroy a conntrack
  • NFCT_Q_GET: get a conntrack

Pass a valid pointer to a conntrack object.

For query types:

  • NFCT_Q_FLUSH: flush the conntrack table
  • NFCT_Q_DUMP: dump the conntrack table
  • NFCT_Q_DUMP_RESET: dump the conntrack table and reset counters
  • NFCT_Q_DUMP_FILTER: dump the conntrack table
  • NFCT_Q_DUMP_FILTER_RESET: dump the conntrack table and reset counters

Pass a valid pointer to the protocol family (u_int32_t).

On success, 0 is returned. On error, -1 is returned and errno is set appropriately.

int nfct_parse_conntrack (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_conntrack *ct)

nfct_parse_conntrack - translate a netlink message to a conntrack object

Parameters

  • type: do the translation only if the message is of a certain type
  • nlh: pointer to the netlink message
  • ct: pointer to the conntrack object

This is a low-level function. Use it if you need to work with the netlink details via libnfnetlink; otherwise we suggest you use the high-level API.

The message types are:

  • NFCT_T_NEW: parse messages with new conntracks
  • NFCT_T_UPDATE: parse messages with conntrack updates
  • NFCT_T_DESTROY: parse messages with conntrack destroy
  • NFCT_T_ALL: all message types

The message type is a flag, so types can be combined, for example NFCT_T_NEW | NFCT_T_DESTROY to parse only new and destroy messages.

On error, NFCT_T_ERROR is returned and errno is set appropriately. If the message received is not of the requested type, 0 is returned; otherwise this function returns the message type parsed.

References __parse_conntrack(), __parse_message_type(), CTA_MAX, flags, len, NFA_DATA, NFCT_T_ERROR, nfnl_parse_attr(), NLMSG_DATA, nlmsghdr::nlmsg_len, NLMSG_LENGTH, and NULL.
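
The following C sketch is an added example, not part of libnetfilter_conntrack or its documentation. It shows the length check a caller should apply to a received buffer before handing each message to nfct_parse_conntrack, and how a combined type mask such as NFCT_T_NEW | NFCT_T_DESTROY selects messages. The EX_* names, their values and the rule that separates new entries from updates are local stand-ins and assumptions.

```c
#include <sys/socket.h>
#include <linux/netlink.h>

/* Local stand-ins (assumptions) for the library's NFCT_T_* flags and the kernel's
 * ctnetlink message numbers, so this builds without libnetfilter_conntrack. */
enum { EX_T_NEW = 1, EX_T_UPDATE = 2, EX_T_DESTROY = 4, EX_T_ALL = 7 };
enum { EX_SUBSYS_CTNETLINK = 1, EX_MSG_CT_NEW = 0, EX_MSG_CT_DELETE = 2 };
#define EX_TYPE(msg) ((EX_SUBSYS_CTNETLINK << 8) | (msg))

/* Map one header to a type flag; 0 means "not a conntrack event". */
static int ex_msg_type(const struct nlmsghdr *nlh)
{
    if ((nlh->nlmsg_type >> 8) != EX_SUBSYS_CTNETLINK)
        return 0;
    switch (nlh->nlmsg_type & 0xff) {
    case EX_MSG_CT_NEW: /* assumed: CREATE|EXCL marks a new entry, anything else an update */
        return (nlh->nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL)) ? EX_T_NEW : EX_T_UPDATE;
    case EX_MSG_CT_DELETE:
        return EX_T_DESTROY;
    }
    return 0;
}

/* Count messages whose type is in `wanted`; -1 if any nlmsg_len is out of bounds. */
int ex_count_matching(const void *buf, int len, int wanted)
{
    const struct nlmsghdr *nlh = buf;
    int hits = 0;
    while (len > 0) {
        if (!NLMSG_OK(nlh, len))
            return -1;          /* truncated buffer or bogus nlmsg_len: stop, do not parse */
        if (ex_msg_type(nlh) & wanted)
            hits++;             /* a real caller would hand nlh to the parser here */
        nlh = NLMSG_NEXT(nlh, len);
    }
    return hits;
}

/* Constructed sample: header-only NEW, UPDATE and DESTROY messages; `cut` drops tail bytes. */
int ex_demo(int wanted, int cut)
{
    struct nlmsghdr m[3] = {
        { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = EX_TYPE(EX_MSG_CT_NEW),
          .nlmsg_flags = NLM_F_CREATE | NLM_F_EXCL },
        { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = EX_TYPE(EX_MSG_CT_NEW) },
        { .nlmsg_len = NLMSG_LENGTH(0), .nlmsg_type = EX_TYPE(EX_MSG_CT_DELETE) },
    };
    return ex_count_matching(m, (int)sizeof(m) - cut, wanted);
}
```

Calling ex_demo with a non-zero cut simulates a short read: the walk stops at the first header that no longer fits instead of reading past the end of the buffer.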

int nfexp_build_expect (struct nfnl_subsys_handle *ssh, void *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_expect *exp)

nfexp_build_expect - build a netlink message from a conntrack object

Parameters

  • ssh: nfnetlink subsystem handler
  • req: buffer used to build the netlink message
  • size: size of the buffer passed
  • type: netlink message type
  • flags: netlink flags
  • exp: pointer to a conntrack object

This is a low-level function for callers that need to stay close to the netlink details via libnfnetlink. If you want to avoid the netlink details, we suggest you use nfexp_query.

On error, -1 is returned and errno is set appropriately. On success, 0 is returned.

References __build_expect(), and NULL.

int nfexp_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)

nfexp_build_query - build a query in netlink message format for ctnetlink

Parameters

  • ssh: nfnetlink subsystem handler
  • qt: query type
  • data: data required to build the query
  • req (named buffer in the prototype): buffer to build the netlink message
  • size: size of the buffer passed

This is a low-level function. Use it if you need to work with the netlink details via libnfnetlink; otherwise we suggest you use nfexp_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types:

  • NFEXP_Q_CREATE
  • NFEXP_Q_DESTROY

Pass a valid pointer to an expectation object.

For query types:

  • NFEXP_Q_FLUSH
  • NFEXP_Q_DUMP

Pass a valid pointer to the protocol family (u_int8_t).

On success, 0 is returned. On error, -1 is returned and errno is set appropriately.

int nfexp_parse_expect (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_expect *exp)

nfexp_parse_expect - translate a netlink message to a conntrack object

Parameters

  • type: do the translation only if the message is of a certain type
  • nlh: pointer to the netlink message
  • exp: pointer to the conntrack object

This is a low-level function. Use it if you need to work with the netlink details via libnfnetlink; otherwise we suggest you use the high-level API.

The message types are:

  • NFEXP_T_NEW: parse messages with new conntracks
  • NFEXP_T_UPDATE: parse messages with conntrack updates
  • NFEXP_T_DESTROY: parse messages with conntrack destroy
  • NFEXP_T_ALL: all message types

The message type is a flag, so types can be combined, for example NFEXP_T_NEW | NFEXP_T_DESTROY to parse only new and destroy messages.

On error, NFEXP_T_ERROR is returned and errno is set appropriately. If the message received is not of the requested type, 0 is returned; otherwise this function returns the message type parsed.

References __parse_expect(), __parse_expect_message_type(), CTA_EXPECT_MAX, flags, len, NFA_DATA, NFCT_T_ERROR, nfnl_parse_attr(), NLMSG_DATA, nlmsghdr::nlmsg_len, NLMSG_LENGTH, and NULL.
