libnetfilter_queue
1.0.5
Functions

struct nfq_handle *nfq_open(void)
int nfq_close(struct nfq_handle *h)
int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)

Library initialisation is done in two steps.
The first step is to call nfq_open() to open a NFQUEUE handler.
The second step is to tell the kernel that userspace queueing is handled by NFQUEUE for the selected protocol. This is done by calling nfq_unbind_pf() and nfq_bind_pf() with protocol information. The idea behind this is to enable simultaneously loaded modules to be used for queuing.
Here's a little code snippet that binds with AF_INET:

    h = nfq_open();
    if (!h) {
        fprintf(stderr, "error during nfq_open()\n");
        exit(1);
    }

    printf("unbinding existing nf_queue handler for AF_INET (if any)\n");
    if (nfq_unbind_pf(h, AF_INET) < 0) {
        fprintf(stderr, "error during nfq_unbind_pf()\n");
        exit(1);
    }

    printf("binding nfnetlink_queue as nf_queue handler for AF_INET\n");
    if (nfq_bind_pf(h, AF_INET) < 0) {
        fprintf(stderr, "error during nfq_bind_pf()\n");
        exit(1);
    }

Once this is done, you can set up and use a Queue.
When the program has finished with libnetfilter_queue, it has to call the nfq_close() function to free all associated resources.
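
The two steps above, with the handle closed on every failure path and the bind calls skipped on kernels from 3.8 onwards, as an added example (not code from libnetfilter_queue). `nfq_init_ops`, `nfq_pf_bind_needed`, `nfq_init_pf` and the `fake_*` stubs are hypothetical names; the release string is assumed to come from uname(2).

```c
#include <stdint.h>
#include <stdio.h>

struct nfq_handle;   /* opaque type from libnetfilter_queue */

/* Hypothetical ops table with the signatures of the four functions on this
 * page; a real program fills it with nfq_open, nfq_close, nfq_unbind_pf, nfq_bind_pf. */
struct nfq_init_ops {
    struct nfq_handle *(*open)(void);
    int (*close)(struct nfq_handle *h);
    int (*unbind_pf)(struct nfq_handle *h, uint16_t pf);
    int (*bind_pf)(struct nfq_handle *h, uint16_t pf);
};

/* 1 if `release` (uname -r style) is older than 3.8, so the bind calls still
 * matter; unparsable input also gives 1 and the calls are made anyway. */
int nfq_pf_bind_needed(const char *release)
{
    unsigned major = 0, minor = 0;
    if (!release || sscanf(release, "%u.%u", &major, &minor) != 2)
        return 1;
    return major < 3 || (major == 3 && minor < 8);
}

/* Two-step initialisation; closes the handle on every failure path instead
 * of exiting. Returns the handle, or NULL on error. */
struct nfq_handle *nfq_init_pf(const struct nfq_init_ops *ops,
                               const char *release, uint16_t pf)
{
    struct nfq_handle *h = ops->open();
    if (!h)
        return NULL;
    if (nfq_pf_bind_needed(release) &&
        (ops->unbind_pf(h, pf) < 0 || ops->bind_pf(h, pf) < 0)) {
        ops->close(h);
        return NULL;
    }
    return h;
}

/* Constructed stand-ins for the library so both paths run without netlink. */
static int fake_closed, fake_bind_calls, fake_bind_rc, fake_handle;
static struct nfq_handle *fake_open(void) { return (struct nfq_handle *)&fake_handle; }
static int fake_close(struct nfq_handle *h) { (void)h; fake_closed++; return 0; }
static int fake_unbind(struct nfq_handle *h, uint16_t pf) { (void)h; (void)pf; return 0; }
static int fake_bind(struct nfq_handle *h, uint16_t pf) { (void)h; (void)pf; fake_bind_calls++; return fake_bind_rc; }
const struct nfq_init_ops fake_ops = { fake_open, fake_close, fake_unbind, fake_bind };
```
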
int nfq_bind_pf(struct nfq_handle *h, uint16_t pf)
nfq_bind_pf - bind a nfqueue handler to a given protocol family
h | Netfilter queue connection handle obtained via call to nfq_open() |
pf | protocol family to bind to nfqueue handler obtained from nfq_open() |
Binds the given queue connection handle to process packets belonging to the given protocol family (i.e. PF_INET, PF_INET6, etc.). This call is obsolete; Linux kernels from 3.8 onwards ignore it.
Definition at line 474 of file libnetfilter_queue.c.
int nfq_close(struct nfq_handle *h)
nfq_close - close a nfqueue handler
h | Netfilter queue connection handle obtained via call to nfq_open() |
This function closes the nfqueue handler and frees associated resources.
Definition at line 452 of file libnetfilter_queue.c.
struct nfq_handle *nfq_open(void)
nfq_open - open a nfqueue handler
This function obtains a netfilter queue connection handle. When you are finished with the handle returned by this function, you should destroy it by calling nfq_close(). A new netlink connection is obtained internally and associated with the queue connection handle returned.
Definition at line 363 of file libnetfilter_queue.c.
int nfq_unbind_pf(struct nfq_handle *h, uint16_t pf)
nfq_unbind_pf - unbind nfqueue handler from a protocol family
h | Netfilter queue connection handle obtained via call to nfq_open() |
pf | protocol family to unbind from |
Unbinds the given queue connection handle from processing packets belonging to the given protocol family.
This call is obsolete; Linux kernels from 3.8 onwards ignore it.
Definition at line 490 of file libnetfilter_queue.c.