Functions

Library setup

Functions

struct nfq_handlenfq_open (void)
int nfq_close (struct nfq_handle *h)
int nfq_bind_pf (struct nfq_handle *h, u_int16_t pf)
int nfq_unbind_pf (struct nfq_handle *h, u_int16_t pf)

Detailed Description

Library initialisation is made in two steps.

First step is to call nfq_open() to open a NFQUEUE handler.

Second step is to tell the kernel that userspace queueing is handle by NFQUEUE for the selected protocol. This is made by calling nfq_unbind_pf() and nfq_bind_pf() with protocol information. The idea behind this is to enable simultaneously loaded modules to be used for queuing.

Here's a little code snippet that bind with AF_INET:

	h = nfq_open();
	if (!h) {
		fprintf(stderr, "error during nfq_open()\n");
		exit(1);
	}

	printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
	if (nfq_unbind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_unbind_pf()\n");
		exit(1);
	}

	printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
	if (nfq_bind_pf(h, AF_INET) < 0) {
		fprintf(stderr, "error during nfq_bind_pf()\n");
		exit(1);
	}

Once this is done, you can setup and use a Queue.

When the program has finished with libnetfilter_queue, it has to call the nfq_close() function to free all associated resources.


Function Documentation

int nfq_bind_pf ( struct nfq_handle h,
u_int16_t  pf 
)

nfq_bind_pf - bind a nfqueue handler to a given protocol family

Parameters:
h Netfilter queue connection handle obtained via call to nfq_open()
pf protocol family to bind to nfqueue handler obtained from nfq_open()

Binds the given queue connection handle to process packets belonging to the given protocol family (ie. PF_INET, PF_INET6, etc).

Returns:
integer inferior to 0 in case of failure

Definition at line 428 of file libnetfilter_queue.c.

int nfq_close ( struct nfq_handle h  ) 

nfq_close - close a nfqueue handler

Parameters:
h Netfilter queue connection handle obtained via call to nfq_open()

This function closes the nfqueue handler and free associated resources.

Returns:
0 on success, non-zero on failure.

Definition at line 408 of file libnetfilter_queue.c.

struct nfq_handle* nfq_open ( void   )  [read]

nfq_open - open a nfqueue handler

This function obtains a netfilter queue connection handle. When you are finished with the handle returned by this function, you should destroy it by calling nfq_close(). A new netlink connection is obtained internally and associated with the queue connection handle returned.

Returns:
a pointer to a new queue handle or NULL on failure.

Definition at line 325 of file libnetfilter_queue.c.

int nfq_unbind_pf ( struct nfq_handle h,
u_int16_t  pf 
)

nfq_unbind_pf - unbind nfqueue handler from a protocol family

Parameters:
h Netfilter queue connection handle obtained via call to nfq_open()
pf protocol family to unbind family from

Unbinds the given queue connection handle from processing packets belonging to the given protocol family.

Definition at line 441 of file libnetfilter_queue.c.