authorPablo Neira Ayuso <pablo@netfilter.org>2008-07-22 12:13:43 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2008-07-22 12:13:43 +0200
commit77b1fdb824eb45213df4f57224e8e799fed43ded (patch)
tree282a395e7ab2d8fe8cfe12f34e6d09535d067101 /include/filter.h
parent2de606c2458067c48e72058a31af384574cf9c70 (diff)
Major rework of the user-space event filtering
This patch reworks the user-space filtering. Although kernel-space filtering is available in Linux kernel >= 2.6.26, we keep user-space filtering to ensure backward compatibility. Moreover, this patch prepares the implementation of kernel-space filtering via libnetfilter_conntrack's high-level Berkeley socket filter API. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/filter.h')
-rw-r--r--include/filter.h31
1 files changed, 31 insertions, 0 deletions
diff --git a/include/filter.h b/include/filter.h
new file mode 100644
index 0000000..de0754e
--- /dev/null
+++ b/include/filter.h
@@ -0,0 +1,31 @@
+#ifndef _FILTER_H_
+#define _FILTER_H_
+
+#include <stdint.h>
+
+enum ct_filter_type {
+ CT_FILTER_L4PROTO,
+ CT_FILTER_STATE,
+ CT_FILTER_ADDRESS,
+ CT_FILTER_MAX
+};
+
+enum ct_filter_logic {
+ CT_FILTER_NEGATIVE = 0,
+ CT_FILTER_POSITIVE = 1,
+};
+
+struct nf_conntrack;
+struct ct_filter;
+
+struct ct_filter *ct_filter_create(void);
+void ct_filter_destroy(struct ct_filter *filter);
+int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family);
+void ct_filter_add_proto(struct ct_filter *filter, int protonum);
+void ct_filter_add_state(struct ct_filter *f, int protonum, int state);
+void ct_filter_set_logic(struct ct_filter *f,
+ enum ct_filter_type type,
+ enum ct_filter_logic logic);
+int ct_filter_check(struct ct_filter *filter, struct nf_conntrack *ct);
+
+#endif
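Review bot: `ct_filter_add_ip()` takes `void *data` with no length, so the number of bytes read is presumably derived from `family` alone, and `ct_filter_add_proto()` / `ct_filter_add_state()` take a plain `int` and return `void`, so neither can reject a bad value. The implementation is not in this file, but if protocol or state numbers index a fixed-size table or bitmask there, a negative or oversized value from the configuration parser would either be dropped silently or land out of bounds. I would let the adders report failure, e.g. `int ct_filter_add_proto(struct ct_filter *filter, int protonum);`, make the address argument `const void *data`, and add a comment on `ct_filter_add_ip` stating the buffer size expected for each family and the return convention. `ct_filter_check()` also needs a one-line comment saying which return value means the event is filtered out, since an inverted test at a call site silently changes which flows get processed.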