Diffstat (limited to 'src/conntrack/api.c')
-rw-r--r--src/conntrack/api.c80
1 files changed, 79 insertions, 1 deletions
diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index d3d9bdb..683b2ce 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -766,7 +766,14 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
case NFCT_Q_CREATE_UPDATE:
__build_conntrack(ssh, req, size, IPCTNL_MSG_CT_NEW, NLM_F_REQUEST|NLM_F_CREATE|NLM_F_ACK, data);
break;
-
+ case NFCT_Q_DUMP_FILTER:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, AF_UNSPEC, 0, IPCTNL_MSG_CT_GET, NLM_F_REQUEST|NLM_F_DUMP);
+ __build_filter_dump(req, size, data);
+ break;
+ case NFCT_Q_DUMP_FILTER_RESET:
+ nfnl_fill_hdr(ssh, &req->nlh, 0, AF_UNSPEC, 0, IPCTNL_MSG_CT_GET_CTRZERO, NLM_F_REQUEST|NLM_F_DUMP);
+ __build_filter_dump(req, size, data);
+ break;
default:
errno = ENOTSUP;
return -1;
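Review bot: Both new cases forward `data` to `__build_filter_dump()` unchecked, while the function comment patched in the next hunk still tells callers to pass a pointer to the protocol family (`u_int32_t`) and describes the two new queries in the same words as NFCT_Q_DUMP and NFCT_Q_DUMP_RESET. A caller who follows that text would hand a four-byte family word to code that presumably treats it as a `struct nfct_filter_dump`; the helper is outside this diff, so whether it validates anything is not visible. The header is filled with a fixed `AF_UNSPEC`, so the family does not appear to come from `data` for these queries. I would word the doc lines as ` * - NFCT_Q_DUMP_FILTER: dump the entries matching a filter; data is a struct nfct_filter_dump *` (likewise for the RESET variant) and add `assert(data != NULL);` ahead of the two calls if the helper does not check it itself. The enclosing switch in __build_query_ct starts and ends outside the hunk.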
@@ -802,6 +809,8 @@ __build_query_ct(struct nfnl_subsys_handle *ssh,
* - NFCT_Q_FLUSH: flush the conntrack table
* - NFCT_Q_DUMP: dump the conntrack table
* - NFCT_Q_DUMP_RESET: dump the conntrack table and reset counters
+ * - NFCT_Q_DUMP_FILTER: dump the conntrack table
+ * - NFCT_Q_DUMP_FILTER_RESET: dump the conntrack table and reset counters
*
* Pass a valid pointer to the protocol family (u_int32_t)
*
@@ -1356,3 +1365,72 @@ int nfct_filter_detach(int fd)
/**
* @}
*/
+
+/**
+ * \defgroup dumpfilter Kernel-space filtering for dumping
+ *
+ * @{
+ */
+
+/**
+ * nfct_filter_dump_create - create a dump filter
+ *
+ * This function returns a valid pointer on success, otherwise NULL is
+ * returned and errno is appropriately set.
+ */
+struct nfct_filter_dump *nfct_filter_dump_create(void)
+{
+ return calloc(sizeof(struct nfct_filter_dump), 1);
+}
+
+/**
+ * nfct_filter_dump_destroy - destroy a dump filter
+ * \param filter filter that we want to destroy
+ *
+ * This function releases the memory that is used by the filter object.
+ */
+void nfct_filter_dump_destroy(struct nfct_filter_dump *filter)
+{
+ assert(filter != NULL);
+ free(filter);
+ filter = NULL;
+}
+
+/**
+ * nfct_filter_dump_attr_set - set filter attribute
+ * \param filter dump filter object that we want to modify
+ * \param type filter attribute type
+ * \param value pointer to the value of the filter attribute
+ */
+void nfct_filter_dump_set_attr(struct nfct_filter_dump *filter_dump,
+ const enum nfct_filter_dump_attr type,
+ const void *value)
+{
+ assert(filter_dump != NULL);
+ assert(value != NULL);
+
+ if (unlikely(type >= NFCT_FILTER_DUMP_MAX))
+ return;
+
+ if (set_filter_dump_attr_array[type]) {
+ set_filter_dump_attr_array[type](filter_dump, value);
+ filter_dump->set |= (1 << type);
+ }
+}
+
+/**
+ * nfct_filter_dump_attr_set_u8 - set u8 dump filter attribute
+ * \param filter dump filter object that we want to modify
+ * \param type filter attribute type
+ * \param value value of the filter attribute using unsigned int (32 bits).
+ */
+void nfct_filter_dump_set_attr_u8(struct nfct_filter_dump *filter_dump,
+ const enum nfct_filter_dump_attr type,
+ u_int8_t value)
+{
+ nfct_filter_dump_set_attr(filter_dump, type, &value);
+}
+
+/**
+ * @}
+ */
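Review bot: `nfct_filter_dump_set_attr_u8()` hands the generic setter the address of a one-byte by-value parameter, so any attribute whose handler in `set_filter_dump_attr_array` reads more than one byte through `value` would read past it on the stack; the handlers are outside this diff, so which attributes are actually byte-sized cannot be confirmed here. The doc comment makes this easier to get wrong by describing the value as `unsigned int (32 bits)`; it should read `\param value value of the filter attribute as an unsigned 8-bit integer`, and the generic setter's comment should state that `value` must point to an object of the type the chosen attribute expects. The comment headers also name the functions `nfct_filter_dump_attr_set` and `nfct_filter_dump_attr_set_u8` and the parameter `filter`, while the code defines `nfct_filter_dump_set_attr`, `nfct_filter_dump_set_attr_u8` and `filter_dump`. Separately, `filter = NULL;` in nfct_filter_dump_destroy only clears the local copy of the pointer and can be dropped, and `calloc(1, sizeof(struct nfct_filter_dump))` is the conventional argument order.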