From 77b1fdb824eb45213df4f57224e8e799fed43ded Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Tue, 22 Jul 2008 12:13:43 +0200
Subject: Major rework of the user-space event filtering

This patch reworks the user-space filtering. Although we have kernel-space filtering since Linux kernel >= 2.6.26, we keep userspace filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of the kernel-space filtering via libnetfilter_conntrack's high-level berkeley socket filter API.

Signed-off-by: Pablo Neira Ayuso
---
 include/filter.h | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 include/filter.h

(limited to 'include/filter.h')

diff --git a/include/filter.h b/include/filter.h
new file mode 100644
index 0000000..de0754e
--- /dev/null
+++ b/include/filter.h
@@ -0,0 +1,31 @@
+#ifndef _FILTER_H_
+#define _FILTER_H_
+
+#include 
+
+enum ct_filter_type {
+	CT_FILTER_L4PROTO,
+	CT_FILTER_STATE,
+	CT_FILTER_ADDRESS,
+	CT_FILTER_MAX
+};
+
+enum ct_filter_logic {
+	CT_FILTER_NEGATIVE = 0,
+	CT_FILTER_POSITIVE = 1,
+};
+
+struct nf_conntrack;
+struct ct_filter;
+
+struct ct_filter *ct_filter_create(void);
+void ct_filter_destroy(struct ct_filter *filter);
+int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family);
+void ct_filter_add_proto(struct ct_filter *filter, int protonum);
+void ct_filter_add_state(struct ct_filter *f, int protonum, int state);
+void ct_filter_set_logic(struct ct_filter *f,
+			 enum ct_filter_type type,
+			 enum ct_filter_logic logic);
+int ct_filter_check(struct ct_filter *filter, struct nf_conntrack *ct);
+
+#endif
-- 
cgit v1.2.3
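Review bot: The prototype `int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family);` hands the implementation an untyped buffer whose length is implied by `family`, and the header says nothing about what `data` must point to, so a caller passing the wrong address object for the family would be read past its end by the implementation; a contract comment is needed, and `data` should be `const void *` since the filter only needs to read it. I would document it directly above the declaration: `/* data points to the address matching family (AF_INET or AF_INET6) — the implementation reads the full address length for that family; returns 0 on success, -1 on error (caller must check). */`, where the exact family values and return codes should be confirmed against the .c side, which is outside this patch. The return conventions are also inconsistent: `ct_filter_add_ip` and `ct_filter_check` return `int` while `ct_filter_add_proto` and `ct_filter_add_state` return `void`, leaving no way to report a failed add, and `ct_filter_check` takes a non-const `struct nf_conntrack *ct` although a check should not modify the entry; consider `int ct_filter_check(struct ct_filter *filter, const struct nf_conntrack *ct);`. As a point of style, the guard `_FILTER_H_` is a reserved identifier (leading underscore followed by an uppercase letter) and could be renamed e.g. `CONNTRACKD_FILTER_H`, and the parameter names alternate between `filter` and `f` across the declarations. The `#include` line appears to have lost its target in this rendering; `uint8_t` requires `<stdint.h>` (or an equivalent) to be included here, so please verify the header is self-contained.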