From 563114a47ae03c988ca0e66eddda33d485e35f6b Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 17 Jul 2008 17:20:10 +0200
Subject: add berkeley socket filtering high-level API
This patch adds an abstraction level to berkeley sockets filter (BSF) for Netlink sockets available since Linux kernel 2.6.26. This provides an easy way to attach filters without knowing about BSF at all.
Signed-off-by: Pablo Neira Ayuso
---
src/conntrack/filter.c | 39 +++++++++++++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 src/conntrack/filter.c
(limited to 'src/conntrack/filter.c')
diff --git a/src/conntrack/filter.c b/src/conntrack/filter.c
new file mode 100644
index 0000000..5ea7d5e
--- /dev/null
+++ b/src/conntrack/filter.c
@@ -0,0 +1,39 @@
+#include "internal.h"
+
+static void filter_attr_l4proto(struct nfct_filter *filter, const void *value)
+{
+ set_bit(*((int *) value), filter->l4proto_map);
+}
+
+static void
+filter_attr_l4proto_state(struct nfct_filter *filter, const void *value)
+{
+ const struct nfct_filter_proto *this = value;
+
+ set_bit_u16(this->state, &filter->l4proto_state[this->proto].map);
+}
+
+static void filter_attr_src_ipv4(struct nfct_filter *filter, const void *value)
+{
+ const struct nfct_filter_ipv4 *this = value;
+
+ filter->l3proto[0][filter->l3proto_elems[0]].addr = this->addr;
+ filter->l3proto[0][filter->l3proto_elems[0]].mask = this->mask;
+ filter->l3proto_elems[0]++;
+}
+
+static void filter_attr_dst_ipv4(struct nfct_filter *filter, const void *value)
+{
+ const struct nfct_filter_ipv4 *this = value;
+
+ filter->l3proto[1][filter->l3proto_elems[1]].addr = this->addr;
+ filter->l3proto[1][filter->l3proto_elems[1]].mask = this->mask;
+ filter->l3proto_elems[1]++;
+}
+
+filter_attr filter_attr_array[] = {
+ [NFCT_FILTER_L4PROTO] = filter_attr_l4proto,
+ [NFCT_FILTER_L4PROTO_STATE] = filter_attr_l4proto_state,
+ [NFCT_FILTER_SRC_IPV4] = filter_attr_src_ipv4,
+ [NFCT_FILTER_DST_IPV4] = filter_attr_dst_ipv4,
+};
-- cgit v1.2.3
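Review bot: None of the four setters validates the caller-supplied value before using it as an index or a count, so a bad or repeated attribute can write outside the filter object. In filter_attr_src_ipv4 and filter_attr_dst_ipv4 the counter `filter->l3proto_elems[n]` is incremented on every call with no cap, so once the array is full the next call stores addr/mask past the end of `filter->l3proto[n]`; a guard such as `if (filter->l3proto_elems[0] >= L3PROTO_CAPACITY) return;` before the stores would stop that (L3PROTO_CAPACITY is a placeholder for the array's declared size in internal.h, which is not visible in this patch). The same applies to `*((int *) value)` in filter_attr_l4proto, and to `this->proto` and `this->state` in filter_attr_l4proto_state, which should be range-checked against the size of `l4proto_map`, the length of `l4proto_state[]` and the width of the per-protocol map (presumably 16 bits, given `set_bit_u16`). Because the setters return void the caller cannot learn that an attribute was rejected, so either document the silent drop in a comment above `filter_attr_array` or let the `filter_attr` callbacks return an error code.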