author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-07-17 17:20:10 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-07-17 17:20:10 +0200 |
commit | 563114a47ae03c988ca0e66eddda33d485e35f6b (patch) | |
tree | 0e2db0e2a52b283991c96b25e6386be05fb2ed70 /src/conntrack/filter.c | |
parent | d073c52600a052db2822b4f284a0b2c546ec1ea4 (diff) |
add berkeley socket filtering high-level API
This patch adds an abstraction level to berkeley sockets filter (BSF) for
Netlink sockets available since Linux kernel 2.6.26. This provides an
easy way to attach filters without knowing about BSF at all.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/conntrack/filter.c')
-rw-r--r-- | src/conntrack/filter.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/conntrack/filter.c b/src/conntrack/filter.c
new file mode 100644
index 0000000..5ea7d5e
--- /dev/null
+++ b/src/conntrack/filter.c
@@ -0,0 +1,39 @@
+#include "internal.h"
+
+static void filter_attr_l4proto(struct nfct_filter *filter, const void *value)
+{
+ set_bit(*((int *) value), filter->l4proto_map);
+}
+
+static void
+filter_attr_l4proto_state(struct nfct_filter *filter, const void *value)
+{
+ const struct nfct_filter_proto *this = value;
+
+ set_bit_u16(this->state, &filter->l4proto_state[this->proto].map);
+}
+
+static void filter_attr_src_ipv4(struct nfct_filter *filter, const void *value)
+{
+ const struct nfct_filter_ipv4 *this = value;
+
+ filter->l3proto[0][filter->l3proto_elems[0]].addr = this->addr;
+ filter->l3proto[0][filter->l3proto_elems[0]].mask = this->mask;
+ filter->l3proto_elems[0]++;
+}
+
+static void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value)
+{
+ const struct nfct_filter_ipv4 *this = value;
+
+ filter->l3proto[1][filter->l3proto_elems[1]].addr = this->addr;
+ filter->l3proto[1][filter->l3proto_elems[1]].mask = this->mask;
+ filter->l3proto_elems[1]++;
+}
+
+filter_attr filter_attr_array[] = {
+ [NFCT_FILTER_L4PROTO] = filter_attr_l4proto,
+ [NFCT_FILTER_L4PROTO_STATE] = filter_attr_l4proto_state,
+ [NFCT_FILTER_SRC_IPV4] = filter_attr_src_ipv4,
+ [NFCT_FILTER_DST_IPV4] = filter_attr_dst_ipv4,
+}; |
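Review bot: `filter_attr_src_ipv4` and `filter_attr_dst_ipv4` write to `filter->l3proto[n][filter->l3proto_elems[n]]` and then increment the counter with no check against the array's capacity, so adding more IPv4 attributes than the array holds writes past its end. The same applies to the caller-supplied indices in `filter_attr_l4proto` (`*((int *) value)` passed to `set_bit`) and `filter_attr_l4proto_state` (`this->proto` indexing `l4proto_state`, `this->state` passed to `set_bit_u16`): negative or oversized values would land outside the maps, assuming those helpers do no range checking themselves. The sizes are declared in `internal.h`, outside this hunk, so the guard would look like `if (filter->l3proto_elems[0] >= <capacity of l3proto[0]>) return;` with the real constant substituted. Because the handlers return `void`, a rejected attribute cannot be reported; consider returning `int` so the public setter can fail visibly instead of silently dropping the attribute.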