diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-25 23:34:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2008-11-25 23:34:48 +0100 |
commit | b2edf895af82914ab09a842641a45b7a806e9b1e (patch) | |
tree | 2b2890418f2f39bd12587288411420e9a0b9b369 /include/filter.h | |
parent | 6262a4a7b7139fb5636228cb0f5a1e72f848d871 (diff) |
filter: CIDR-based filtering support
This patch adds CIDR-based filtering support. The current
implementation is O(n).
This patch also introduces the vector data type which is
used to store the IP address and the network mask.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/filter.h')
-rw-r--r-- | include/filter.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/include/filter.h b/include/filter.h index de0754e..567be34 100644 --- a/include/filter.h +++ b/include/filter.h @@ -2,11 +2,13 @@ #define _FILTER_H_ #include <stdint.h> +#include <string.h> +#include <netinet/in.h> enum ct_filter_type { CT_FILTER_L4PROTO, CT_FILTER_STATE, - CT_FILTER_ADDRESS, + CT_FILTER_ADDRESS, /* also for netmask */ CT_FILTER_MAX }; @@ -15,12 +17,23 @@ enum ct_filter_logic { CT_FILTER_POSITIVE = 1, }; +struct ct_filter_netmask_ipv4 { + uint32_t ip; + uint32_t mask; +}; + +struct ct_filter_netmask_ipv6 { + uint32_t ip[4]; + uint32_t mask[4]; +}; + struct nf_conntrack; struct ct_filter; struct ct_filter *ct_filter_create(void); void ct_filter_destroy(struct ct_filter *filter); int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family); +int ct_filter_add_netmask(struct ct_filter *filter, void *data, uint8_t family); void ct_filter_add_proto(struct ct_filter *filter, int protonum); void ct_filter_add_state(struct ct_filter *f, int protonum, int state); void ct_filter_set_logic(struct ct_filter *f, |