authorPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 23:34:48 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 23:34:48 +0100
commitb2edf895af82914ab09a842641a45b7a806e9b1e (patch)
tree2b2890418f2f39bd12587288411420e9a0b9b369 /include/filter.h
parent6262a4a7b7139fb5636228cb0f5a1e72f848d871 (diff)
filter: CIDR-based filtering support
This patch adds CIDR-based filtering support. The current implementation is O(n). This patch also introduces the vector data type which is used to store the IP address and the network mask. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/filter.h')
-rw-r--r--include/filter.h15
1 files changed, 14 insertions, 1 deletions
diff --git a/include/filter.h b/include/filter.h
index de0754e..567be34 100644
--- a/include/filter.h
+++ b/include/filter.h
@@ -2,11 +2,13 @@
#define _FILTER_H_
#include <stdint.h>
+#include <string.h>
+#include <netinet/in.h>
enum ct_filter_type {
CT_FILTER_L4PROTO,
CT_FILTER_STATE,
- CT_FILTER_ADDRESS,
+ CT_FILTER_ADDRESS, /* also for netmask */
CT_FILTER_MAX
};
@@ -15,12 +17,23 @@ enum ct_filter_logic {
CT_FILTER_POSITIVE = 1,
};
+struct ct_filter_netmask_ipv4 {
+ uint32_t ip;
+ uint32_t mask;
+};
+
+struct ct_filter_netmask_ipv6 {
+ uint32_t ip[4];
+ uint32_t mask[4];
+};
+
struct nf_conntrack;
struct ct_filter;
struct ct_filter *ct_filter_create(void);
void ct_filter_destroy(struct ct_filter *filter);
int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family);
+int ct_filter_add_netmask(struct ct_filter *filter, void *data, uint8_t family);
void ct_filter_add_proto(struct ct_filter *filter, int protonum);
void ct_filter_add_state(struct ct_filter *f, int protonum, int state);
void ct_filter_set_logic(struct ct_filter *f,
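Review bot: `ct_filter_add_netmask()` takes an untyped `void *data` plus a `family`, and nothing in the header says which of the two new structs `data` must point to, or in which byte order `ip` and `mask` are expected. If a caller pairs `struct ct_filter_netmask_ipv4` with the IPv6 family, the implementation could read past the 8-byte object, and a byte-order mismatch would make the filter cover a different range than intended without any error. I would document the contract above the prototype, e.g. `/* data: struct ct_filter_netmask_ipv4 or struct ct_filter_netmask_ipv6, selected by family; ip and mask in the same byte order as the conntrack addresses they are compared with */`, and also state whether `ip` must already be masked and what the return value means. If the function only reads the entry, `const void *data` would be a safe tightening of the signature. The implementation is not part of this hunk, so the expected byte order and the accepted `family` values (presumably AF_INET/AF_INET6) need confirming there.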