 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
Enumerations | |
| enum | __nfct_addr { __ADDR_SRC = 0, __ADDR_DST } |
| enum __nfct_addr |
| int __build_conntrack | ( | struct nfnl_subsys_handle * | ssh, |
| struct nfnlhdr * | req, | ||
| size_t | size, | ||
| u_int16_t | type, | ||
| u_int16_t | flags, | ||
| const struct nf_conntrack * | ct | ||
| ) |
References __build_tuple(), __DIR_ORIG, __DIR_REPL, ATTR_CONNLABELS, ATTR_DNAT_IPV4, ATTR_DNAT_PORT, ATTR_HELPER_NAME, ATTR_ICMP_CODE, ATTR_ICMP_ID, ATTR_ICMP_TYPE, ATTR_MARK, ATTR_MASTER_IPV4_DST, ATTR_MASTER_IPV4_SRC, ATTR_MASTER_IPV6_DST, ATTR_MASTER_IPV6_SRC, ATTR_MASTER_L3PROTO, ATTR_MASTER_L4PROTO, ATTR_MASTER_PORT_DST, ATTR_MASTER_PORT_SRC, ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_DST, ATTR_ORIG_IPV6_SRC, ATTR_ORIG_L3PROTO, ATTR_ORIG_L4PROTO, ATTR_ORIG_NAT_SEQ_CORRECTION_POS, ATTR_ORIG_NAT_SEQ_OFFSET_AFTER, ATTR_ORIG_NAT_SEQ_OFFSET_BEFORE, ATTR_ORIG_PORT_DST, ATTR_ORIG_PORT_SRC, ATTR_REPL_IPV4_DST, ATTR_REPL_IPV4_SRC, ATTR_REPL_IPV6_DST, ATTR_REPL_IPV6_SRC, ATTR_REPL_L3PROTO, ATTR_REPL_L4PROTO, ATTR_REPL_NAT_SEQ_CORRECTION_POS, ATTR_REPL_NAT_SEQ_OFFSET_AFTER, ATTR_REPL_NAT_SEQ_OFFSET_BEFORE, ATTR_REPL_PORT_DST, ATTR_REPL_PORT_SRC, ATTR_SECMARK, ATTR_SNAT_IPV4, ATTR_SNAT_PORT, ATTR_STATUS, ATTR_TIMEOUT, ATTR_ZONE, CTA_TUPLE_MASTER, CTA_TUPLE_ORIG, CTA_TUPLE_REPLY, nf_conntrack::head, IPCTNL_MSG_CT_NEW, __nfct_tuple::l3protonum, nf_conntrack::master, nfnl_fill_hdr(), nfnlhdr::nlh, NLM_F_CREATE, nfct_tuple_head::orig, nf_conntrack::repl, and nfct_tuple_head::set.
Referenced by nfct_build_conntrack().
| int __build_expect | ( | struct nfnl_subsys_handle * | ssh, |
| struct nfnlhdr * | req, | ||
| size_t | size, | ||
| u_int16_t | type, | ||
| u_int16_t | flags, | ||
| const struct nf_expect * | exp | ||
| ) |
References __build_tuple(), ATTR_EXP_CLASS, ATTR_EXP_EXPECTED, ATTR_EXP_FLAGS, ATTR_EXP_FN, ATTR_EXP_HELPER_NAME, ATTR_EXP_MASK, ATTR_EXP_MASTER, ATTR_EXP_NAT_DIR, ATTR_EXP_NAT_TUPLE, ATTR_EXP_TIMEOUT, ATTR_EXP_ZONE, ATTR_ORIG_L3PROTO, CTA_EXPECT_MASK, CTA_EXPECT_MASTER, CTA_EXPECT_NAT, CTA_EXPECT_NAT_DIR, CTA_EXPECT_NAT_TUPLE, CTA_EXPECT_TUPLE, nf_expect::expected, __nfct_tuple::l3protonum, nf_expect::mask, nf_expect::master, nf_expect::nat, nf_expect::nat_dir, nfnl_addattr32(), nfnl_fill_hdr(), nfnl_nest, nfnl_nest_end, nfnlhdr::nlh, nfct_tuple_head::orig, nfct_tuple_head::set, and nf_expect::set.
Referenced by nfexp_build_expect().
| void __build_filter_dump | ( | struct nfnlhdr * | req, |
| size_t | size, | ||
| const struct nfct_filter_dump * | filter_dump | ||
| ) |
References CTA_MARK, CTA_MARK_MASK, nfct_filter_dump::l3num, nfct_filter_dump::mark, nfct_filter_dump_mark::mask, NFCT_FILTER_DUMP_L3NUM, NFCT_FILTER_DUMP_MARK, nfgenmsg::nfgen_family, nfnl_addattr32(), nfnlhdr::nlh, NLMSG_DATA, nfct_filter_dump::set, and nfct_filter_dump_mark::val.
| void __build_tuple | ( | struct nfnlhdr * | req, |
| size_t | size, | ||
| const struct __nfct_tuple * | t, | ||
| const int | type | ||
| ) |
References nfnl_nest, nfnl_nest_end, and nfnlhdr::nlh.
Referenced by __build_conntrack(), and __build_expect().
References __parse_conntrack(), __parse_expect(), nfct_handle::cb, nfct_handle::cb2, ct, __data_container::data, data, exp, nfct_handle::expect_cb, nfct_handle::expect_cb2, __data_container::h, NFCT_CB_STOLEN, nfct_destroy(), nfct_new(), nfexp_destroy(), nfexp_new(), NFNL_CB_CONTINUE, NFNL_CB_FAILURE, NFNL_CB_STOP, NFNL_SUBSYS_CTNETLINK, NFNL_SUBSYS_CTNETLINK_EXP, NFNL_SUBSYS_ID, nlmsghdr::nlmsg_len, NLMSG_LENGTH, nlmsghdr::nlmsg_type, NULL, __data_container::type, and type.
Referenced by nfct_callback_register(), nfct_callback_register2(), nfexp_callback_register(), and nfexp_callback_register2().
| int __cmp_expect | ( | const struct nf_expect * | exp1, |
| const struct nf_expect * | exp2, | ||
| unsigned int | flags | ||
| ) |
References ATTR_EXP_CLASS, ATTR_EXP_EXPECTED, ATTR_EXP_FLAGS, ATTR_EXP_FN, ATTR_EXP_HELPER_NAME, ATTR_EXP_MASK, ATTR_EXP_MASTER, ATTR_EXP_NAT_DIR, ATTR_EXP_NAT_TUPLE, and ATTR_EXP_ZONE.
Referenced by nfexp_cmp().
| int __cmp_orig | ( | const struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct2, | ||
| unsigned int | flags | ||
| ) |
References ATTR_ORIG_IPV4_DST, ATTR_ORIG_IPV4_SRC, ATTR_ORIG_IPV6_DST, ATTR_ORIG_IPV6_SRC, ATTR_ORIG_L3PROTO, and ATTR_ORIG_L4PROTO.
Referenced by __compare().
| int __compare | ( | const struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct2, | ||
| unsigned int | flags | ||
| ) |
References __cmp_orig(), NFCT_CMP_ALL, NFCT_CMP_MASK, NFCT_CMP_ORIG, NFCT_CMP_REPL, and NFCT_CMP_STRICT.
Referenced by nfct_cmp(), and nfct_compare().
| void __copy_fast | ( | struct nf_conntrack * | ct1, |
| const struct nf_conntrack * | ct | ||
| ) |
References nf_conntrack::connlabels, nf_conntrack::connlabels_mask, nf_conntrack::helper_info, NULL, and nf_conntrack::secctx.
Referenced by nfct_copy().
| int __getobjopt | ( | const struct nf_conntrack * | ct, |
| unsigned int | option | ||
| ) |
References ct, NFCT_GOPT_MAX, and unlikely.
Referenced by nfct_getobjopt().
| const char* __l3proto2str | ( | u_int8_t | protonum | ) |
References l3proto2str.
| void __labelmap_destroy | ( | struct nfct_labelmap * | ) |
References nfct_labelmap::bit_to_name, HASH_SIZE, and nfct_labelmap::map_name.
Referenced by __labelmap_new(), and nfct_labelmap_destroy().
| int __labelmap_get_bit | ( | struct nfct_labelmap * | map, |
| const char * | name | ||
| ) |
References labelmap_bucket::bit, nfct_labelmap::map_name, labelmap_bucket::name, and labelmap_bucket::next.
Referenced by nfct_labelmap_get_bit().
| const char* __labelmap_get_name | ( | struct nfct_labelmap * | map, |
| unsigned int | bit | ||
| ) |
References labelmap_bucket::bit, nfct_labelmap::bit_to_name, and NULL.
Referenced by nfct_labelmap_get_name().
| struct nfct_labelmap* __labelmap_new | ( | const char * | ) |
References __labelmap_destroy(), nfct_labelmap::bit_to_name, CONNLABEL_CFG, MAX_BITS, nfct_labelmap::namecount, and NULL.
Referenced by nfct_labelmap_new().
| void __parse_conntrack | ( | const struct nlmsghdr * | nlh, |
| struct nfattr * | cda[], | ||
| struct nf_conntrack * | ct | ||
| ) |
References __DIR_MASTER, __DIR_ORIG, __DIR_REPL, __parse_tuple(), ATTR_ID, ATTR_MARK, ATTR_MASTER_L3PROTO, ATTR_ORIG_L3PROTO, ATTR_REPL_L3PROTO, ATTR_SECMARK, ATTR_STATUS, ATTR_TIMEOUT, ATTR_USE, ATTR_ZONE, CTA_COUNTERS_ORIG, CTA_COUNTERS_REPLY, CTA_HELP, CTA_ID, CTA_LABELS, CTA_MARK, CTA_NAT_SEQ_ADJ_ORIG, CTA_NAT_SEQ_ADJ_REPLY, CTA_PROTOINFO, CTA_SECCTX, CTA_SECMARK, CTA_STATUS, CTA_TIMEOUT, CTA_TIMESTAMP, CTA_TUPLE_MASTER, CTA_TUPLE_ORIG, CTA_TUPLE_REPLY, CTA_USE, CTA_ZONE, nf_conntrack::head, nf_conntrack::id, __nfct_tuple::l3protonum, nf_conntrack::mark, nf_conntrack::master, NFA_DATA, nfgenmsg::nfgen_family, NLMSG_DATA, nfct_tuple_head::orig, nf_conntrack::repl, nf_conntrack::secmark, nfct_tuple_head::set, nf_conntrack::status, nf_conntrack::timeout, nf_conntrack::use, and nf_conntrack::zone.
Referenced by __callback(), and nfct_parse_conntrack().
References __DIR_ORIG, __NFCT_EXPECTFN_MAX, __parse_tuple(), ATTR_EXP_CLASS, ATTR_EXP_EXPECTED, ATTR_EXP_FLAGS, ATTR_EXP_FN, ATTR_EXP_HELPER_NAME, ATTR_EXP_MASK, ATTR_EXP_MASTER, ATTR_EXP_NAT_DIR, ATTR_EXP_NAT_TUPLE, ATTR_EXP_TIMEOUT, ATTR_EXP_ZONE, ATTR_ORIG_L3PROTO, nf_expect::class, CTA_EXPECT_CLASS, CTA_EXPECT_FLAGS, CTA_EXPECT_FN, CTA_EXPECT_HELP_NAME, CTA_EXPECT_MASK, CTA_EXPECT_MASTER, CTA_EXPECT_NAT, CTA_EXPECT_NAT_DIR, CTA_EXPECT_NAT_MAX, CTA_EXPECT_NAT_TUPLE, CTA_EXPECT_TIMEOUT, CTA_EXPECT_TUPLE, CTA_EXPECT_ZONE, nf_expect::expected, nf_expect::expectfn, nf_expect::flags, nf_expect::helper_name, __nfct_tuple::l3protonum, nf_expect::mask, nf_expect::master, nf_expect::nat, nf_expect::nat_dir, NFA_DATA, NFA_PAYLOAD, nfgenmsg::nfgen_family, nfnl_parse_nested, NLMSG_DATA, nfct_tuple_head::orig, nfct_tuple_head::set, nf_expect::set, tb, nf_expect::timeout, and nf_expect::zone.
Referenced by __callback(), and nfexp_parse_expect().
References flags, IPCTNL_MSG_EXP_DELETE, IPCTNL_MSG_EXP_NEW, NFCT_T_DESTROY, NFCT_T_NEW, NFCT_T_UNKNOWN, NFCT_T_UPDATE, NFNL_MSG_TYPE, NLM_F_CREATE, NLM_F_EXCL, nlmsghdr::nlmsg_flags, and nlmsghdr::nlmsg_type.
Referenced by nfexp_parse_expect().
References flags, IPCTNL_MSG_CT_DELETE, IPCTNL_MSG_CT_NEW, NFCT_T_DESTROY, NFCT_T_NEW, NFCT_T_UNKNOWN, NFCT_T_UPDATE, NFNL_MSG_TYPE, NLM_F_CREATE, NLM_F_EXCL, nlmsghdr::nlmsg_flags, and nlmsghdr::nlmsg_type.
Referenced by nfct_parse_conntrack().
| void __parse_tuple | ( | const struct nfattr * | attr, |
| struct __nfct_tuple * | tuple, | ||
| int | dir, | ||
| u_int32_t * | set | ||
| ) |
References CTA_TUPLE_IP, CTA_TUPLE_MAX, CTA_TUPLE_PROTO, and nfnl_parse_nested.
Referenced by __parse_conntrack(), and __parse_expect().
| const char* __proto2str | ( | u_int8_t | protonum | ) |
References proto2str.
| int __setobjopt | ( | struct nf_conntrack * | ct, |
| unsigned int | option | ||
| ) |
References ct, NFCT_SOPT_MAX, and unlikely.
Referenced by nfct_setobjopt().
| int __setup_netlink_socket_filter | ( | int | fd, |
| struct nfct_filter * | filter | ||
| ) |
References sock_fprog::filter, sock_fprog::len, NFCT_FILTER_ACCEPT, and NFNL_SUBSYS_CTNETLINK.
Referenced by nfct_filter_attach().
| int __snprintf_addr_xml | ( | char * | buf, |
| unsigned int | len, | ||
| const struct __nfct_tuple * | tuple, | ||
| enum __nfct_addr | type | ||
| ) |
References __ADDR_SRC, BUFFER_SIZE, __nfct_tuple::l3protonum, and size.
| int __snprintf_address | ( | char * | buf, |
| unsigned int | len, | ||
| const struct __nfct_tuple * | tuple, | ||
| const char * | src_tag, | ||
| const char * | dst_tag | ||
| ) |
References __nfct_tuple::l3protonum, and size.
Referenced by __snprintf_conntrack_default(), and __snprintf_expect_default().
| int __snprintf_connlabels | ( | char * | buf, |
| unsigned int | len, | ||
| struct nfct_labelmap * | map, | ||
| const struct nfct_bitmask * | b, | ||
| const char * | fmt | ||
| ) |
References BUFFER_SIZE, len, max, name, nfct_bitmask_maxbit(), nfct_bitmask_test_bit(), nfct_labelmap_get_name(), and size.
| int __snprintf_conntrack | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_conntrack * | ct, | ||
| unsigned int | type, | ||
| unsigned int | msg_output, | ||
| unsigned int | flags, | ||
| struct nfct_labelmap * | |||
| ) |
References __snprintf_conntrack_default(), __snprintf_conntrack_xml(), NFCT_O_DEFAULT, NFCT_O_XML, and size.
Referenced by nfct_snprintf(), and nfct_snprintf_labels().
| int __snprintf_conntrack_default | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_conntrack * | ct, | ||
| const unsigned int | msg_type, | ||
| const unsigned int | flags, | ||
| struct nfct_labelmap * | |||
| ) |
References __DIR_ORIG, __DIR_REPL, __snprintf_address(), __snprintf_proto(), __snprintf_protocol(), ATTR_CONNLABELS, ATTR_DCCP_STATE, ATTR_HELPER_NAME, ATTR_ID, ATTR_MARK, ATTR_ORIG_COUNTER_BYTES, ATTR_ORIG_COUNTER_PACKETS, ATTR_REPL_COUNTER_BYTES, ATTR_REPL_COUNTER_PACKETS, ATTR_SCTP_STATE, ATTR_SECCTX, ATTR_SECMARK, ATTR_STATUS, ATTR_TCP_STATE, ATTR_TIMEOUT, ATTR_TIMESTAMP_START, ATTR_TIMESTAMP_STOP, ATTR_USE, ATTR_ZONE, BUFFER_SIZE, nf_conntrack::head, NFCT_OF_ID, NFCT_OF_SHOW_LAYER3, NFCT_OF_TIMESTAMP, NFCT_T_DESTROY, NFCT_T_NEW, NFCT_T_UPDATE, nfct_tuple_head::orig, nf_conntrack::repl, nfct_tuple_head::set, and size.
Referenced by __snprintf_conntrack().
| int __snprintf_conntrack_xml | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_conntrack * | ct, | ||
| const unsigned int | msg_type, | ||
| const unsigned int | flags, | ||
| struct nfct_labelmap * | |||
| ) |
References __DIR_ORIG, __DIR_REPL, __snprintf_localtime_xml(), ATTR_CONNLABELS, ATTR_DCCP_STATE, ATTR_HELPER_NAME, ATTR_ID, ATTR_MARK, ATTR_SCTP_STATE, ATTR_SECCTX, ATTR_SECMARK, ATTR_STATUS, ATTR_TCP_STATE, ATTR_TIMEOUT, ATTR_TIMESTAMP_START, ATTR_TIMESTAMP_STOP, ATTR_USE, ATTR_ZONE, BUFFER_SIZE, __nfct_protoinfo::dccp, DCCP_CONNTRACK_MAX, DCCP_CONNTRACK_NONE, nf_conntrack::head, nf_conntrack::id, IPS_ASSURED, IPS_SEEN_REPLY, nf_conntrack::mark, NFCT_OF_TIME, NFCT_OF_TIMESTAMP, NFCT_T_DESTROY, NFCT_T_NEW, NFCT_T_UPDATE, NULL, nf_conntrack::protoinfo, __nfct_protoinfo::sctp, SCTP_CONNTRACK_MAX, SCTP_CONNTRACK_NONE, nf_conntrack::secctx, nf_conntrack::secmark, nfct_tuple_head::set, size, __nfct_protoinfo::state, states, nf_conntrack::status, __nfct_protoinfo::tcp, TCP_CONNTRACK_MAX, TCP_CONNTRACK_NONE, nf_conntrack::timeout, nf_conntrack::use, and nf_conntrack::zone.
Referenced by __snprintf_conntrack().
| int __snprintf_expect | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_expect * | exp, | ||
| unsigned int | type, | ||
| unsigned int | msg_output, | ||
| unsigned int | flags | ||
| ) |
References __snprintf_expect_default(), __snprintf_expect_xml(), NFCT_O_DEFAULT, NFCT_O_XML, and size.
Referenced by nfexp_snprintf().
| int __snprintf_expect_default | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_expect * | exp, | ||
| unsigned int | msg_type, | ||
| unsigned int | flags | ||
| ) |
References __snprintf_address(), __snprintf_proto(), ATTR_EXP_HELPER_NAME, ATTR_EXP_ZONE, BUFFER_SIZE, nf_expect::expected, nf_expect::flags, nf_expect::helper_name, nf_expect::mask, nf_expect::master, NF_CT_EXPECT_INACTIVE, NF_CT_EXPECT_PERMANENT, NF_CT_EXPECT_USERSPACE, NFCT_T_DESTROY, NFCT_T_NEW, NFCT_T_UPDATE, nfct_tuple_head::orig, nf_expect::set, size, and nf_expect::zone.
Referenced by __snprintf_expect().
| int __snprintf_expect_xml | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_expect * | exp, | ||
| unsigned int | msg_type, | ||
| unsigned int | flags | ||
| ) |
References BUFFER_SIZE, NFCT_T_DESTROY, NFCT_T_NEW, NFCT_T_UPDATE, and size.
Referenced by __snprintf_expect().
References BUFFER_SIZE, and size.
Referenced by __snprintf_conntrack_xml().
| int __snprintf_proto | ( | char * | buf, |
| unsigned int | len, | ||
| const struct __nfct_tuple * | tuple | ||
| ) |
References __nfct_l4_src::all, __nfct_l4_dst::all, __nfct_l4_dst::code, __nfct_l4_src::icmp, __nfct_l4_dst::icmp, __nfct_l4_src::id, IPPROTO_DCCP, IPPROTO_SCTP, IPPROTO_UDPLITE, __nfct_tuple::l4dst, __nfct_tuple::l4src, __nfct_l4_src::port, __nfct_l4_dst::port, __nfct_tuple::protonum, size, __nfct_l4_src::tcp, __nfct_l4_dst::tcp, and __nfct_l4_dst::type.
Referenced by __snprintf_conntrack_default(), and __snprintf_expect_default().
| int __snprintf_proto_xml | ( | char * | buf, |
| unsigned int | len, | ||
| const struct __nfct_tuple * | tuple, | ||
| enum __nfct_addr | type | ||
| ) |
| int __snprintf_protocol | ( | char * | buf, |
| unsigned int | len, | ||
| const struct nf_conntrack * | ct | ||
| ) |
References nf_conntrack::head, NULL, nfct_tuple_head::orig, proto2str, and __nfct_tuple::protonum.
Referenced by __snprintf_conntrack_default().
| int nfct_build_tuple | ( | struct nlmsghdr * | nlh, |
| const struct __nfct_tuple * | t, | ||
| int | type | ||
| ) |
References mnl_attr_nest_cancel(), mnl_attr_nest_end(), mnl_attr_nest_start(), and NULL.
Referenced by nfct_nlmsg_build(), and nfexp_nlmsg_build().
| int nfct_parse_tuple | ( | const struct nlattr * | attr, |
| struct __nfct_tuple * | tuple, | ||
| int | dir, | ||
| u_int32_t * | set | ||
| ) |
References CTA_TUPLE_IP, CTA_TUPLE_MAX, CTA_TUPLE_PROTO, and mnl_attr_parse_nested().
Referenced by nfct_payload_parse(), and nfexp_nlmsg_parse().
1.8.8