libnetfilter_conntrack  1.0.6
Low level object to Netlink message

Functions

int nfct_build_conntrack (struct nfnl_subsys_handle *ssh, void *req, size_t size, uint16_t type, uint16_t flags, const struct nf_conntrack *ct)
 
int nfct_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
 
int nfct_parse_conntrack (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_conntrack *ct)
 
int nfexp_build_expect (struct nfnl_subsys_handle *ssh, void *req, size_t size, uint16_t type, uint16_t flags, const struct nf_expect *exp)
 
int nfexp_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
 
int nfexp_parse_expect (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_expect *exp)
 

Detailed Description

Function Documentation

int nfct_build_conntrack (struct nfnl_subsys_handle *ssh, void *req, size_t size, uint16_t type, uint16_t flags, const struct nf_conntrack *ct)

nfct_build_conntrack - build a netlink message from a conntrack object

Parameters
  • ssh: nfnetlink subsystem handler
  • req: buffer used to build the netlink message
  • size: size of the buffer passed
  • type: netlink message type
  • flags: netlink flags
  • ct: pointer to a conntrack object

This is a low-level function for callers that need to work close to the netlink details via libnfnetlink. If you want to avoid the netlink details, we suggest you use nfct_query instead.

On error, -1 is returned and errno is set appropriately. On success, 0 is returned.

Definition at line 770 of file conntrack/api.c.

int nfct_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)

nfct_build_query - build a query in netlink message format for ctnetlink

Parameters
  • ssh: nfnetlink subsystem handler
  • qt: query type
  • data: data required to build the query
  • req: buffer to build the netlink message
  • size: size of the buffer passed

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use nfct_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types:

  • NFCT_Q_CREATE: add a new conntrack, if it exists, fail
  • NFCT_Q_CREATE_UPDATE: add a new conntrack, if it exists, update it
  • NFCT_Q_UPDATE: update a conntrack
  • NFCT_Q_DESTROY: destroy a conntrack
  • NFCT_Q_GET: get a conntrack

Pass a valid pointer to a conntrack object.

For query types:

  • NFCT_Q_FLUSH: flush the conntrack table
  • NFCT_Q_DUMP: dump the conntrack table
  • NFCT_Q_DUMP_RESET: dump the conntrack table and reset counters
  • NFCT_Q_DUMP_FILTER: dump the conntrack table
  • NFCT_Q_DUMP_FILTER_RESET: dump the conntrack table and reset counters

Pass a valid pointer to the protocol family (uint32_t).

On success, 0 is returned. On error, -1 is returned and errno is set appropriately.

Definition at line 874 of file conntrack/api.c.

int nfct_parse_conntrack (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_conntrack *ct)

nfct_parse_conntrack - translate a netlink message to a conntrack object

Parameters
  • type: do the translation if and only if the message is of a certain type
  • nlh: pointer to the netlink message
  • ct: pointer to the conntrack object

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use the high-level API.

The message types are:

  • NFCT_T_NEW: parse messages with new conntracks
  • NFCT_T_UPDATE: parse messages with conntrack updates
  • NFCT_T_DESTROY: parse messages with conntrack destroy
  • NFCT_T_ALL: all message types

The message types are flags, so they can be combined, e.g. NFCT_T_NEW | NFCT_T_DESTROY to parse only new and destroy messages.

On error, NFCT_T_ERROR is returned and errno is set appropriately. If the message received is not of the requested type, 0 is returned; otherwise this function returns the message type parsed.

Definition at line 907 of file conntrack/api.c.
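The return contract described above (NFCT_T_ERROR on error, 0 when the message is not of a requested type, otherwise the type parsed), modelled as an added example; this is not code from libnetfilter_conntrack. model_parse_type, demo, the CT_* names and all constant values are assumptions chosen so the block builds without the library, as is the rule that a ctnetlink "new" message carrying create flags is a new entry and otherwise an update.

```c
#include <stddef.h>
#include <stdint.h>
/* Assumed values, repeated from kernel/library headers to build stand-alone. */
struct nlmsghdr { uint32_t nlmsg_len; uint16_t nlmsg_type, nlmsg_flags; uint32_t nlmsg_seq, nlmsg_pid; };
enum { NLM_F_EXCL = 0x200, NLM_F_CREATE = 0x400, CT_SUBSYS = 1, CT_NEW = 0, CT_DELETE = 2 };
enum { NFCT_T_NEW = 1, NFCT_T_UPDATE = 2, NFCT_T_DESTROY = 4 };
#define NFCT_T_ERROR INT32_MIN  /* stand-in error value */
struct counts { int created, destroyed, skipped, bad; };

/* Hypothetical model of the documented contract. The header is checked
 * against the bytes actually received before any other field is trusted. */
static int model_parse_type(int mask, const void *buf, size_t len)
{
    const struct nlmsghdr *nlh = buf;
    int type, msg;
    if (len < sizeof(*nlh) || nlh->nlmsg_len < sizeof(*nlh) || nlh->nlmsg_len > len)
        return NFCT_T_ERROR;
    msg = nlh->nlmsg_type & 0xff;
    if ((nlh->nlmsg_type >> 8) != CT_SUBSYS || (msg != CT_NEW && msg != CT_DELETE))
        return NFCT_T_ERROR;
    if (msg == CT_DELETE)
        type = NFCT_T_DESTROY;
    else  /* assumed encoding: create flags mark a new entry, else an update */
        type = (nlh->nlmsg_flags & (NLM_F_CREATE | NLM_F_EXCL)) ? NFCT_T_NEW : NFCT_T_UPDATE;
    return (type & mask) ? type : 0;
}

/* Walk a constructed buffer of four headers (new, update, destroy, and one
 * whose nlmsg_len overruns the buffer) the way an event monitor would. */
static struct counts demo(int mask)
{
    const uint16_t n = (CT_SUBSYS << 8) | CT_NEW, d = (CT_SUBSYS << 8) | CT_DELETE;
    const struct nlmsghdr m[4] = { {16, n, NLM_F_CREATE | NLM_F_EXCL, 0, 0},
        {16, n, 0, 0, 0}, {16, d, 0, 0, 0}, {64, n, NLM_F_CREATE, 0, 0} };
    const unsigned char *p = (const unsigned char *)m;
    struct counts c = {0, 0, 0, 0};
    size_t len = sizeof(m);
    while (len > 0) {
        int t = model_parse_type(mask, p, len);
        if (t == NFCT_T_ERROR) { c.bad++; break; }  /* stop: nlmsg_len cannot be trusted */
        if (t == NFCT_T_NEW) c.created++;
        else if (t == NFCT_T_DESTROY) c.destroyed++;
        else if (t == 0) c.skipped++;               /* valid, but type not requested */
        size_t step = ((const struct nlmsghdr *)p)->nlmsg_len;  /* validated above */
        p += step; len -= step;
    }
    return c;
}
int main(void) { return demo(NFCT_T_NEW | NFCT_T_DESTROY).bad == 1 ? 0 : 1; }
```

A caller has to tell the 0 return (a valid message of an unrequested type) apart from NFCT_T_ERROR; treating both as "nothing parsed" hides malformed input from an event monitor.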

int nfexp_build_expect (struct nfnl_subsys_handle *ssh, void *req, size_t size, uint16_t type, uint16_t flags, const struct nf_expect *exp)

nfexp_build_expect - build a netlink message from an expectation object

Parameters
  • ssh: nfnetlink subsystem handler
  • req: buffer used to build the netlink message
  • size: size of the buffer passed
  • type: netlink message type
  • flags: netlink flags
  • exp: pointer to an expectation object

This is a low-level function for callers that need to work close to the netlink details via libnfnetlink. If you want to avoid the netlink details, we suggest you use nfexp_query instead.

On error, -1 is returned and errno is set appropriately. On success, 0 is returned.

Definition at line 504 of file expect/api.c.

int nfexp_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)

nfexp_build_query - build a query in netlink message format for ctnetlink

Parameters
  • ssh: nfnetlink subsystem handler
  • qt: query type
  • data: data required to build the query
  • req: buffer to build the netlink message
  • size: size of the buffer passed

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use nfexp_query.

The pointer to data can be an expectation object or the protocol family depending on the request.

For query types:

  • NFEXP_Q_CREATE
  • NFEXP_Q_DESTROY

Pass a valid pointer to an expectation object.

For query types:

  • NFEXP_Q_FLUSH
  • NFEXP_Q_DUMP

Pass a valid pointer to the protocol family (uint8_t).

On success, 0 is returned. On error, -1 is returned and errno is set appropriately.

Definition at line 588 of file expect/api.c.

int nfexp_parse_expect (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_expect *exp)

nfexp_parse_expect - translate a netlink message to an expectation object

Parameters
  • type: do the translation if and only if the message is of a certain type
  • nlh: pointer to the netlink message
  • exp: pointer to the expectation object

This is a low-level function; use it if you need to work with netlink details via libnfnetlink. Otherwise, we suggest you use the high-level API.

The message types are:

  • NFEXP_T_NEW: parse messages with new conntracks
  • NFEXP_T_UPDATE: parse messages with conntrack updates
  • NFEXP_T_DESTROY: parse messages with conntrack destroy
  • NFEXP_T_ALL: all message types

The message types are flags, so they can be combined, e.g. NFEXP_T_NEW | NFEXP_T_DESTROY to parse only new and destroy messages.

On error, NFEXP_T_ERROR is returned and errno is set appropriately. If the message received is not of the requested type, 0 is returned; otherwise this function returns the message type parsed.

Definition at line 621 of file expect/api.c.