Low level object to Netlink message

Functions

int nfct_build_conntrack (struct nfnl_subsys_handle *ssh, void *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_conntrack *ct)
int nfct_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
int nfct_parse_conntrack (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_conntrack *ct)
int nfexp_build_expect (struct nfnl_subsys_handle *ssh, void *req, size_t size, u_int16_t type, u_int16_t flags, const struct nf_expect *exp)
int nfexp_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
int nfexp_parse_expect (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_expect *exp)

Function Documentation

int nfct_build_conntrack ( struct nfnl_subsys_handle *  ssh,
void *  req,
size_t  size,
u_int16_t  type,
u_int16_t  flags,
const struct nf_conntrack *  ct 
)

nfct_build_conntrack - build a netlink message from a conntrack object

Parameters:
ssh nfnetlink subsystem handler
req buffer used to build the netlink message
size size of the buffer passed
type netlink message type
flags netlink flags
ct pointer to a conntrack object

This is a low-level function for callers that need to work close to the netlink details via libnfnetlink. If you want to avoid the netlink details, we suggest you use nfct_query.

On error, -1 is returned and errno is set appropriately. On success, 0 is returned.

Definition at line 709 of file conntrack/api.c.

int nfct_build_query ( struct nfnl_subsys_handle *  ssh,
const enum nf_conntrack_query  qt,
const void *  data,
void *  buffer,
unsigned int  size 
)

nfct_build_query - build a query in netlink message format for ctnetlink

Parameters:
ssh nfnetlink subsystem handler
qt query type
data data required to build the query
buffer buffer used to build the netlink message
size size of the buffer passed

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use nfct_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types:

  • NFCT_Q_CREATE: add a new conntrack, if it exists, fail
  • NFCT_Q_CREATE_UPDATE: add a new conntrack, if it exists, update it
  • NFCT_Q_UPDATE: update a conntrack
  • NFCT_Q_DESTROY: destroy a conntrack
  • NFCT_Q_GET: get a conntrack

Pass a valid pointer to a conntrack object.

For query types:

  • NFCT_Q_FLUSH: flush the conntrack table
  • NFCT_Q_DUMP: dump the conntrack table
  • NFCT_Q_DUMP_RESET: dump the conntrack table and reset counters

Pass a valid pointer to the protocol family (u_int32_t).

On success, 0 is returned. On error, -1 is returned and errno is set appropriately.

Definition at line 757 of file conntrack/api.c.

int nfct_parse_conntrack ( enum nf_conntrack_msg_type  type,
const struct nlmsghdr *  nlh,
struct nf_conntrack *  ct 
)

nfct_parse_conntrack - translate a netlink message to a conntrack object

Parameters:
type do the translation only if the message is of the given type
nlh pointer to the netlink message
ct pointer to the conntrack object

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use the high-level API.

The message types are:

  • NFCT_T_NEW: parse messages with new conntracks
  • NFCT_T_UPDATE: parse messages with conntrack updates
  • NFCT_T_DESTROY: parse messages with conntrack destroy
  • NFCT_T_ALL: all message types

The message type is a flag, so types can be combined, e.g. NFCT_T_NEW | NFCT_T_DESTROY to parse only new and destroy messages.

On error, NFCT_T_ERROR is returned and errno is set appropriately. If the message received is not of the requested type, 0 is returned; otherwise this function returns the message type parsed.

Definition at line 829 of file conntrack/api.c.
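
nfct_parse_conntrack is handed only a pointer to the netlink header, with no buffer length, so a caller reading from a socket has to confirm that the length the message claims fits the bytes actually received before parsing. The stand-alone sketch below is an added example, not libnetfilter_conntrack code: it performs that check and then applies the documented filter contract (error value, 0 when filtered out, otherwise the type flag). The names classify_ct_msg, make_msg and EX_T_* are hypothetical, and the mapping from header fields to a message type is this example's assumption.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nfnetlink_conntrack.h>

/* Stand-ins for the library's NFCT_T_* flags; values are assumptions of this example. */
enum { EX_T_NEW = 1, EX_T_UPDATE = 2, EX_T_DESTROY = 4, EX_T_ALL = 7, EX_T_ERROR = -1 };

/* Hypothetical helper: error value on a malformed message, 0 when the type is
 * filtered out, otherwise the type flag. avail = bytes actually received. */
int classify_ct_msg(int filter, const void *buf, size_t avail)
{
    struct nlmsghdr h;
    int kind = 0;

    if (avail < sizeof h) { errno = EINVAL; return EX_T_ERROR; }
    memcpy(&h, buf, sizeof h);               /* copy out: no unaligned access */
    /* The claimed length must fit the received data and leave room for nfgenmsg. */
    if (h.nlmsg_len > avail || h.nlmsg_len < NLMSG_LENGTH(sizeof(struct nfgenmsg)) ||
        NFNL_SUBSYS_ID(h.nlmsg_type) != NFNL_SUBSYS_CTNETLINK) {
        errno = EINVAL;
        return EX_T_ERROR;
    }
    if (NFNL_MSG_TYPE(h.nlmsg_type) == IPCTNL_MSG_CT_NEW)   /* create flags split NEW/UPDATE */
        kind = (h.nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL)) ? EX_T_NEW : EX_T_UPDATE;
    else if (NFNL_MSG_TYPE(h.nlmsg_type) == IPCTNL_MSG_CT_DELETE)
        kind = EX_T_DESTROY;
    return (kind & filter) ? kind : 0;
}

/* Constructed sample message: header plus nfgenmsg, with a caller-chosen claimed length. */
size_t make_msg(void *buf, unsigned msg, unsigned flags, unsigned claimed_len)
{
    struct nlmsghdr h = { .nlmsg_len = claimed_len, .nlmsg_flags = (__u16)flags,
                          .nlmsg_type = (__u16)((NFNL_SUBSYS_CTNETLINK << 8) | msg) };
    struct nfgenmsg g = { .nfgen_family = AF_INET };
    memcpy(buf, &h, sizeof h);
    memcpy((char *)buf + NLMSG_HDRLEN, &g, sizeof g);
    return NLMSG_LENGTH(sizeof g);           /* bytes really written */
}

int main(void)
{
    unsigned char buf[64];
    size_t n = make_msg(buf, IPCTNL_MSG_CT_NEW, 0, 4096);  /* length field overstates the size */
    return classify_ct_msg(EX_T_ALL, buf, n) == EX_T_ERROR ? 0 : 1;
}
```

In a real receive loop the same length check is applied to every message in the datagram before the pointer is passed to nfct_parse_conntrack.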

int nfexp_build_expect ( struct nfnl_subsys_handle *  ssh,
void *  req,
size_t  size,
u_int16_t  type,
u_int16_t  flags,
const struct nf_expect *  exp 
)

nfexp_build_expect - build a netlink message from a conntrack object

Parameters:
ssh nfnetlink subsystem handler
req buffer used to build the netlink message
size size of the buffer passed
type netlink message type
flags netlink flags
exp pointer to a conntrack object

This is a low-level function for callers that need to work close to the netlink details via libnfnetlink. If you want to avoid the netlink details, we suggest you use nfexp_query.

On error, -1 is returned and errno is set appropriately. On success, 0 is returned.

Definition at line 468 of file expect/api.c.

int nfexp_build_query ( struct nfnl_subsys_handle *  ssh,
const enum nf_conntrack_query  qt,
const void *  data,
void *  buffer,
unsigned int  size 
)

nfexp_build_query - build a query in netlink message format for ctnetlink

Parameters:
ssh nfnetlink subsystem handler
qt query type
data data required to build the query
buffer buffer used to build the netlink message
size size of the buffer passed

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use nfexp_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types:

  • NFEXP_Q_CREATE
  • NFEXP_Q_DESTROY

Pass a valid pointer to an expectation object.

For query types:

  • NFEXP_Q_FLUSH
  • NFEXP_Q_DUMP

Pass a valid pointer to the protocol family (u_int8_t).

On success, 0 is returned. On error, -1 is returned and errno is set appropriately.

Definition at line 512 of file expect/api.c.

int nfexp_parse_expect ( enum nf_conntrack_msg_type  type,
const struct nlmsghdr *  nlh,
struct nf_expect *  exp 
)

nfexp_parse_expect - translate a netlink message to a conntrack object

Parameters:
type do the translation only if the message is of the given type
nlh pointer to the netlink message
exp pointer to the conntrack object

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use the high-level API.

The message types are:

  • NFEXP_T_NEW: parse messages with new conntracks
  • NFEXP_T_UPDATE: parse messages with conntrack updates
  • NFEXP_T_DESTROY: parse messages with conntrack destroy
  • NFEXP_T_ALL: all message types

The message type is a flag, so types can be combined, e.g. NFEXP_T_NEW | NFEXP_T_DESTROY to parse only new and destroy messages.

On error, NFEXP_T_ERROR is returned and errno is set appropriately. If the message received is not of the requested type, 0 is returned; otherwise this function returns the message type parsed.

Definition at line 574 of file expect/api.c.