Functions
| struct nfct_filter * | nfct_filter_create (void) |
| void | nfct_filter_destroy (struct nfct_filter *filter) |
| void | nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value) |
| void | nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, u_int32_t value) |
| int | nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic) |
| int | nfct_filter_attach (int fd, struct nfct_filter *filter) |
| int | nfct_filter_detach (int fd) |
void nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value)
nfct_filter_add_attr - add a filter attribute to the filter object
| filter | filter object that we want to modify |
| type | filter attribute type |
| value | pointer to the value of the filter attribute |
Limitations: You can add up to 127 IPv4 addresses and masks for NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4.
Definition at line 1231 of file conntrack/api.c.
void nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, u_int32_t value)
nfct_filter_add_attr_u32 - add a u32 filter attribute to the filter object
| filter | filter object that we want to modify |
| type | filter attribute type |
| value | value of the filter attribute using unsigned int (32 bits) |
Limitations: You can add up to 255 protocols, which is a reasonable limit.
Definition at line 1255 of file conntrack/api.c.
int nfct_filter_attach (int fd, struct nfct_filter *filter)
nfct_filter_attach - attach a filter to a socket descriptor
| fd | socket descriptor |
| filter | filter that we want to attach to the socket |
This function returns -1 on error and sets errno appropriately. If it fails with EINVAL, you have probably found a bug in it. Please report this.
Definition at line 1305 of file conntrack/api.c.
struct nfct_filter * nfct_filter_create (void)
nfct_filter_create - create a filter
This function returns a valid pointer on success, otherwise NULL is returned and errno is appropriately set.
Definition at line 1202 of file conntrack/api.c.
void nfct_filter_destroy (struct nfct_filter *filter)
nfct_filter_destroy - destroy a filter
| filter | filter that we want to destroy |
This function releases the memory that is used by the filter object. However, please note that this function does *not* detach an already attached filter.
Definition at line 1215 of file conntrack/api.c.
int nfct_filter_detach (int fd)
nfct_filter_detach - detach an existing filter
| fd | socket descriptor |
This function returns -1 on error and sets errno appropriately.
Definition at line 1318 of file conntrack/api.c.
int nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic)
nfct_filter_set_logic - set the filter logic for an attribute type
| filter | filter object that we want to modify |
| type | filter attribute type |
| logic | filter logic that we want to use |
You can use this function only once to set the filtering logic for a given attribute. You can define two logics: NFCT_FILTER_POSITIVE_LOGIC, which accepts events that match the filter, and NFCT_FILTER_NEGATIVE_LOGIC, which rejects events that match the filter. The default filtering logic is NFCT_FILTER_POSITIVE_LOGIC.
On error, it returns -1 and errno is appropriately set. On success, it returns 0.
Definition at line 1277 of file conntrack/api.c.