libnetfilter_conntrack
1.0.6
Functions
struct nfct_filter * | nfct_filter_create (void) |
void | nfct_filter_destroy (struct nfct_filter *filter) |
void | nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value) |
void | nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, uint32_t value) |
int | nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic) |
int | nfct_filter_attach (int fd, struct nfct_filter *filter) |
int | nfct_filter_detach (int fd) |
void nfct_filter_add_attr (struct nfct_filter *filter, const enum nfct_filter_attr type, const void *value)
nfct_filter_add_attr - add a filter attribute to the filter object
filter | filter object that we want to modify |
type | filter attribute type |
value | pointer to the value of the filter attribute |
Limitations: You can add up to 127 IPv4 addresses and masks for NFCT_FILTER_SRC_IPV4 and, similarly, 127 for NFCT_FILTER_DST_IPV4.
Definition at line 1356 of file conntrack/api.c.
void nfct_filter_add_attr_u32 (struct nfct_filter *filter, const enum nfct_filter_attr type, uint32_t value)
nfct_filter_add_attr_u32 - add a u32 filter attribute to the filter object
filter | filter object that we want to modify |
type | filter attribute type |
value | value of the filter attribute using unsigned int (32 bits). |
Limitations: You can add up to 255 protocols, which is a reasonable limit.
Definition at line 1380 of file conntrack/api.c.
int nfct_filter_attach (int fd, struct nfct_filter *filter)
nfct_filter_attach - attach a filter to a socket descriptor
fd | socket descriptor |
filter | filter that we want to attach to the socket |
This function returns -1 on error and sets errno appropriately. If errno is EINVAL, you have probably found a bug in this function; please report it.
Definition at line 1430 of file conntrack/api.c.
struct nfct_filter * nfct_filter_create (void)
nfct_filter_create - create a filter
This function returns a valid pointer on success, otherwise NULL is returned and errno is appropriately set.
Definition at line 1327 of file conntrack/api.c.
void nfct_filter_destroy (struct nfct_filter *filter)
nfct_filter_destroy - destroy a filter
filter | filter that we want to destroy |
This function releases the memory that is used by the filter object. However, please note that this function does not detach an already attached filter.
Definition at line 1340 of file conntrack/api.c.
int nfct_filter_detach (int fd)
nfct_filter_detach - detach an existing filter
fd | socket descriptor |
This function returns -1 on error and sets errno appropriately.
Definition at line 1443 of file conntrack/api.c.
int nfct_filter_set_logic (struct nfct_filter *filter, const enum nfct_filter_attr type, const enum nfct_filter_logic logic)
nfct_filter_set_logic - set the filter logic for an attribute type
filter | filter object that we want to modify |
type | filter attribute type |
logic | filter logic that we want to use |
You can only use this function once to set the filtering logic for one attribute. Two logics are available: NFCT_FILTER_LOGIC_POSITIVE, which accepts events that match the filter, and NFCT_FILTER_LOGIC_NEGATIVE, which rejects events that match the filter. The default filtering logic is NFCT_FILTER_LOGIC_POSITIVE.
On error, it returns -1 and errno is appropriately set. On success, it returns 0.
Definition at line 1402 of file conntrack/api.c.