author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-04-16 12:13:45 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-05-26 16:11:35 +0200 |
commit | d773fb2afc097a08d51eae42740c63142b1752cf (patch) | |
tree | 83d60033ed8124ebe77b2993b12c309e94a1433c /include | |
parent | 95b3bf6576165e1bbe23d55d5f15b7ebf9c98dc4 (diff) |
expect: add new API to build/parse ctnetlink messages using libmnl
This patch adds support to build and to parse netlink messages
from/to one user-space nf_conntrack object. It uses libmnl, thus
libnetfilter_conntrack now depends on this library.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/internal/prototypes.h | 3 | ||||
-rw-r--r-- | include/libnetfilter_conntrack/libnetfilter_conntrack.h | 5 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index 730eb6b..eeeea24 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -39,6 +39,9 @@ int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
 
 void __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
 
+int nfct_build_tuple(struct nlmsghdr *nlh, const struct __nfct_tuple *t, int type);
+int nfct_parse_tuple(const struct nlattr *attr, struct __nfct_tuple *tuple, int dir, u_int32_t *set);
+
 /*
  * expectation internal prototypes
  */
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 87c73a3..fbd67ef 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -680,6 +680,11 @@ int nfexp_build_query(struct nfnl_subsys_handle *ssh,
 void *buffer,
 unsigned int size);
 
+/* New low level API: netlink functions */
+
+extern int nfexp_nlmsg_build(struct nlmsghdr *nlh, const struct nf_expect *exp);
+extern int nfexp_nlmsg_parse(const struct nlmsghdr *nlh, struct nf_expect *exp);
+
 /* Bitset representing status of connection. Taken from ip_conntrack.h
  *
  * Note: For backward compatibility this shouldn't ever change |
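Review bot: The two prototypes added to include/internal/prototypes.h use the public-looking `nfct_` prefix, while the internal helpers visible around them in this hunk (`__setup_netlink_socket_filter`, `__build_filter_dump`) are `__`-prefixed. If these symbols are not filtered out by the library's export rules (not visible in this diffstat), they become de facto ABI that callers can link against. Either rename them in line with the neighbours or add a comment such as `/* internal helpers, not part of the exported API */`. The `set` out-parameter of `nfct_parse_tuple` and the meaning of `type`/`dir` are also undocumented, and a one-line comment stating who owns `set` and what the return value signals would help callers check errors correctly.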
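Review bot: `nfexp_nlmsg_build()` takes only `struct nlmsghdr *nlh` and no buffer length, unlike `nfexp_build_query()` in this hunk's context, which carries `unsigned int size`, so the sizing obligation falls silently on the caller. The public header should say so above the pair, for example `/* nlh must point into a caller-owned buffer large enough for the whole message (e.g. MNL_SOCKET_BUFFER_SIZE) */`. For `nfexp_nlmsg_parse()`, state that `nlh` must be a complete message whose length has already been validated against the bytes received, and document the return convention for both. The implementations are outside this diffstat, so whether they bound-check attribute writes cannot be confirmed from here.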