Kernel-space filtering for events

Functions

struct nfct_filter * nfct_filter_create (void)
void nfct_filter_destroy (struct nfct_filter *filter)
void nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value)
void nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, u_int32_t value)
int nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic)
int nfct_filter_attach (int fd, struct nfct_filter *filter)
int nfct_filter_detach (int fd)

Function Documentation

void nfct_filter_add_attr ( struct nfct_filter *  filter,
const enum nfct_filter_attr  type,
const void *  value 
)

nfct_filter_add_attr - add a filter attribute to the filter object

Parameters:
filter filter object that we want to modify
type filter attribute type
value pointer to the value of the filter attribute

Limitations: You can add up to 127 IPv4 addresses and masks for NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4.

Definition at line 1231 of file conntrack/api.c.

void nfct_filter_add_attr_u32 ( struct nfct_filter *  filter,
const enum nfct_filter_attr  type,
u_int32_t  value 
)

nfct_filter_add_attr_u32 - add a u32 filter attribute to the filter object

Parameters:
filter filter object that we want to modify
type filter attribute type
value value of the filter attribute using unsigned int (32 bits).

Limitations: You can add up to 255 protocols, which is a reasonable limit.

Definition at line 1255 of file conntrack/api.c.

int nfct_filter_attach ( int  fd,
struct nfct_filter *  filter 
)

nfct_filter_attach - attach a filter to a socket descriptor

Parameters:
fd socket descriptor
filter filter that we want to attach to the socket

This function returns -1 on error and sets errno appropriately. If errno is set to EINVAL, you have probably found a bug in the function; please report it.

Definition at line 1305 of file conntrack/api.c.

struct nfct_filter* nfct_filter_create ( void )

nfct_filter_create - create a filter

This function returns a valid pointer on success, otherwise NULL is returned and errno is appropriately set.

Definition at line 1202 of file conntrack/api.c.

void nfct_filter_destroy ( struct nfct_filter *  filter  ) 

nfct_filter_destroy - destroy a filter

Parameters:
filter filter that we want to destroy

This function releases the memory that is used by the filter object. However, please note that this function does *not* detach an already attached filter.

Definition at line 1215 of file conntrack/api.c.

int nfct_filter_detach ( int  fd  ) 

nfct_filter_detach - detach an existing filter

Parameters:
fd socket descriptor

This function returns -1 on error and sets errno appropriately.

Definition at line 1318 of file conntrack/api.c.

int nfct_filter_set_logic ( struct nfct_filter *  filter,
const enum nfct_filter_attr  type,
const enum nfct_filter_logic  logic 
)

nfct_filter_set_logic - set the filter logic for an attribute type

Parameters:
filter filter object that we want to modify
type filter attribute type
logic filter logic that we want to use

You can only use this function once to set the filtering logic for one attribute. Two logics are available: NFCT_FILTER_POSITIVE_LOGIC, which accepts events that match the filter, and NFCT_FILTER_NEGATIVE_LOGIC, which rejects events that match the filter. The default filtering logic is NFCT_FILTER_POSITIVE_LOGIC.

On error, it returns -1 and errno is appropriately set. On success, it returns 0.

Definition at line 1277 of file conntrack/api.c.