libnetfilter_conntrack  1.0.6
Kernel-space filtering for events

Functions

struct nfct_filter * nfct_filter_create (void)
 
void nfct_filter_destroy (struct nfct_filter *filter)
 
void nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value)
 
void nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, uint32_t value)
 
int nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic)
 
int nfct_filter_attach (int fd, struct nfct_filter *filter)
 
int nfct_filter_detach (int fd)
 

Detailed Description

Function Documentation

void nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value)

nfct_filter_add_attr - add a filter attribute to the filter object

Parameters
filter: filter object that we want to modify
type: filter attribute type
value: pointer to the value of the filter attribute

Limitations: You can add up to 127 IPv4 addresses and masks for NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4.

Definition at line 1356 of file conntrack/api.c.

void nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, uint32_t value)

nfct_filter_add_attr_u32 - add a u32 filter attribute to the filter object

Parameters
filter: filter object that we want to modify
type: filter attribute type
value: value of the filter attribute, as an unsigned int (32 bits)

Limitations: You can add up to 255 protocols, which is a reasonable limit.

Definition at line 1380 of file conntrack/api.c.

int nfct_filter_attach (int fd, struct nfct_filter *filter)

nfct_filter_attach - attach a filter to a socket descriptor

Parameters
fd: socket descriptor
filter: filter that we want to attach to the socket

This function returns -1 on error and sets errno appropriately. If it fails with EINVAL, you have probably found a bug in it; please report it.

Definition at line 1430 of file conntrack/api.c.

struct nfct_filter *nfct_filter_create (void)

nfct_filter_create - create a filter

This function returns a valid pointer on success, otherwise NULL is returned and errno is appropriately set.

Definition at line 1327 of file conntrack/api.c.

void nfct_filter_destroy (struct nfct_filter *filter)

nfct_filter_destroy - destroy a filter

Parameters
filter: filter that we want to destroy

This function releases the memory that is used by the filter object. However, please note that this function does not detach an already attached filter.

Definition at line 1340 of file conntrack/api.c.

int nfct_filter_detach (int fd)

nfct_filter_detach - detach an existing filter

Parameters
fd: socket descriptor

This function returns -1 on error and sets errno appropriately.

Definition at line 1443 of file conntrack/api.c.

int nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic)

nfct_filter_set_logic - set the filter logic for an attribute type

Parameters
filter: filter object that we want to modify
type: filter attribute type
logic: filter logic that we want to use

You can use this function only once per attribute to set its filtering logic. Two logics are available: NFCT_FILTER_LOGIC_POSITIVE, which accepts events that match the filter, and NFCT_FILTER_LOGIC_NEGATIVE, which rejects events that match the filter. The default filtering logic is NFCT_FILTER_LOGIC_POSITIVE.

On error, it returns -1 and errno is appropriately set. On success, it returns 0.

Definition at line 1402 of file conntrack/api.c.