authorPablo Neira Ayuso <pablo@netfilter.org>2012-02-09 18:56:59 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2012-02-09 18:58:22 +0100
commit62ed08f2d25ef0f332fe65fd40a97ff4dc4eda93 (patch)
tree99adfaf00c3a56bb20a2463878bec32ffd5c03ef /include
parentd383b7281ac6beecc8775c8d220a9fb611f99f94 (diff)
conntrack: add support for CTA_MARK_MASK and filtered dumping
This patch adds the infrastructure to allow filtered dumping. See utils/conntrack_dump_filter.c for instance. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/internal/extern.h2
-rw-r--r--include/internal/object.h10
-rw-r--r--include/internal/prototypes.h2
-rw-r--r--include/internal/types.h1
-rw-r--r--include/libnetfilter_conntrack/libnetfilter_conntrack.h31
-rw-r--r--include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h1
6 files changed, 46 insertions, 1 deletions
diff --git a/include/internal/extern.h b/include/internal/extern.h
index 2a3ef06..fb9ca54 100644
--- a/include/internal/extern.h
+++ b/include/internal/extern.h
@@ -13,6 +13,8 @@ extern const get_exp_attr get_exp_attr_array[];
extern const uint32_t attr_grp_bitmask[ATTR_GRP_MAX][__NFCT_BITSET];
+extern const set_filter_dump_attr set_filter_dump_attr_array[];
+
/* for the snprintf infrastructure */
extern const char *const l3proto2str[AF_MAX];
extern const char *const proto2str[IPPROTO_MAX];
diff --git a/include/internal/object.h b/include/internal/object.h
index 94433bf..55fa4f5 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -261,6 +261,16 @@ struct nfct_filter {
};
/*
+ * conntrack filter dump object
+ */
+
+struct nfct_filter_dump {
+ struct nfct_filter_dump_mark mark;
+ u_int8_t l3num;
+ u_int32_t set;
+};
+
+/*
* expectation object
*/
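Review bot: The `set` member of `struct nfct_filter_dump` has no comment saying what it records, and its width silently bounds the attribute enum. If it is the bitmask of attributes that have been set (the name and the `NFCT_FILTER_DUMP_*` enum suggest so, but the code that uses it is outside this diff), say so on the field: `u_int32_t set; /* bitmask of NFCT_FILTER_DUMP_* attributes that have been set */`. The same comment should note that `NFCT_FILTER_DUMP_MAX` must stay at or below 32, since a shift by the attribute number would otherwise be undefined.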
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index 532c60e..730eb6b 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -37,6 +37,8 @@ void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct);
int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
+void __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
+
/*
* expectation internal prototypes
*/
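Review bot: `__build_filter_dump()` takes the request buffer and its `size` but returns `void`, so it cannot tell the caller that the filter attributes did not fit. The neighbouring `__setup_netlink_socket_filter()` returns `int`; declaring this one as `int __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);` would let the dump path fail instead of sending a request whose filter is missing or truncated. The implementation is not part of this diff (it is limited to include/), so whether attribute insertion is actually bounds-checked against `size` has to be confirmed there.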
diff --git a/include/internal/types.h b/include/internal/types.h
index 433de5b..3459200 100644
--- a/include/internal/types.h
+++ b/include/internal/types.h
@@ -15,6 +15,7 @@ typedef int (*getobjopt)(const struct nf_conntrack *ct);
typedef void (*setobjopt)(struct nf_conntrack *ct);
typedef void (*set_attr_grp)(struct nf_conntrack *ct, const void *value);
typedef void (*get_attr_grp)(const struct nf_conntrack *ct, void *data);
+typedef void (*set_filter_dump_attr)(struct nfct_filter_dump *filter_dump, const void *value);
/*
* expectation types
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 538dc2d..a4a60cb 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -392,6 +392,8 @@ enum nf_conntrack_query {
NFCT_Q_DUMP,
NFCT_Q_DUMP_RESET,
NFCT_Q_CREATE_UPDATE,
+ NFCT_Q_DUMP_FILTER,
+ NFCT_Q_DUMP_FILTER_RESET,
};
extern int nfct_query(struct nfct_handle *h,
@@ -421,7 +423,7 @@ extern void nfct_copy_attr(struct nf_conntrack *ct1,
const struct nf_conntrack *ct2,
const enum nf_conntrack_attr type);
-/* filter */
+/* event filtering */
struct nfct_filter;
@@ -472,6 +474,33 @@ extern int nfct_filter_set_logic(struct nfct_filter *filter,
extern int nfct_filter_attach(int fd, struct nfct_filter *filter);
extern int nfct_filter_detach(int fd);
+/* dump filtering */
+
+struct nfct_filter_dump;
+
+struct nfct_filter_dump_mark {
+ u_int32_t val;
+ u_int32_t mask;
+};
+
+enum nfct_filter_dump_attr {
+ NFCT_FILTER_DUMP_MARK = 0, /* struct nfct_filter_dump_mark */
+ NFCT_FILTER_DUMP_L3NUM, /* u_int8_t */
+ NFCT_FILTER_DUMP_MAX
+};
+
+struct nfct_filter_dump *nfct_filter_dump_create(void);
+
+void nfct_filter_dump_destroy(struct nfct_filter_dump *filter);
+
+void nfct_filter_dump_set_attr(struct nfct_filter_dump *filter_dump,
+ const enum nfct_filter_dump_attr type,
+ const void *data);
+
+void nfct_filter_dump_set_attr_u8(struct nfct_filter_dump *filter_dump,
+ const enum nfct_filter_dump_attr type,
+ u_int8_t data);
+
/* low level API: netlink functions */
extern __attribute__((deprecated)) int
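Review bot: `nfct_filter_dump_set_attr_u8()` accepts any `enum nfct_filter_dump_attr`, including `NFCT_FILTER_DUMP_MARK`, whose payload the enum comment gives as `struct nfct_filter_dump_mark` (two `u_int32_t`). If the implementation forwards the address of its one-byte `data` to the generic setter (not visible in this diff), that call would read past the argument, so the header should state that the `_u8` variant is valid only for `NFCT_FILTER_DUMP_L3NUM` and the implementation should reject other types. Both setters return `void` and the generic one takes an untyped `const void *data` with no length, the same contract as the `set_filter_dump_attr` typedef in include/internal/types.h, so an out-of-range `type` can only be dropped silently. A guard such as `if (type >= NFCT_FILTER_DUMP_MAX) return;` before indexing `set_filter_dump_attr_array` is the minimum. As a style point, the four new prototypes omit the `extern` that the surrounding declarations carry.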
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 2175799..1cf938b 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -47,6 +47,7 @@ enum ctattr_type {
CTA_ZONE,
CTA_SECCTX,
CTA_TIMESTAMP,
+ CTA_MARK_MASK,
__CTA_MAX
};
#define CTA_MAX (__CTA_MAX - 1)
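Review bot: `CTA_MARK_MASK` is added to a local copy of the kernel's `ctattr_type` enum, so its numeric value has to match the kernel header exactly; a short comment such as `CTA_MARK_MASK, /* keep in sync with the kernel's nfnetlink_conntrack.h */` would make that requirement explicit. A kernel that predates the attribute will presumably ignore it and return an unfiltered dump. Callers of the new `NFCT_Q_DUMP_FILTER` queries should therefore not treat the result as already restricted to the requested mark unless they re-check it. That fallback behaviour is inferred rather than shown in this diff and is worth stating in the API documentation.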