From d65c9ce404a5a3dc4de220189daaf610f4ec306e Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Fri, 18 Jul 2008 14:36:06 +0200
Subject: Extend high-level API for netlink BSF to add negative logic

This patch introduces nfct_filter_set_logic() to set the filtering logic which results in a more flexible solution.

Signed-off-by: Pablo Neira Ayuso
---
 src/conntrack/api.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

(limited to 'src/conntrack/api.c')

diff --git a/src/conntrack/api.c b/src/conntrack/api.c
index 3bd96a8..fcd3fb4 100644
--- a/src/conntrack/api.c
+++ b/src/conntrack/api.c
@@ -907,6 +907,40 @@ void nfct_filter_add_attr_u32(struct nfct_filter *filter,
 nfct_filter_add_attr(filter, type, &value);
 }
 
+/**
+ * nfct_filter_set_logic - set the filter logic for an attribute type
+ * @filter: filter object that we want to modify
+ * @type: filter attribute type
+ * @logic: filter logic that we want to use
+ *
+ * You can only use this function once to set the filtering logic for
+ * one attribute. You can define two logics: NFCT_FILTER_POSITIVE_LOGIC
+ * that accept events that match the filter, and NFCT_FILTER_NEGATIVE_LOGIC
+ * that rejects events that match the filter. Default filtering logic is
+ * NFCT_FILTER_POSITIVE_LOGIC.
+ *
+ * On error, it returns -1 and errno is appropriately set. On success, it
+ * returns 0.
+ */
+int nfct_filter_set_logic(struct nfct_filter *filter,
+ const enum nfct_filter_attr type,
+ const enum nfct_filter_logic logic)
+{
+ if (type >= NFCT_FILTER_MAX) {
+ errno = ENOTSUP;
+ return -1;
+ }
+
+ if (filter->logic[type]) {
+ errno = EBUSY;
+ return -1;
+ }
+
+ filter->logic[type] = logic;
+
+ return 0;
+}
+
 /**
 * nfct_filter_attach - attach a filter to a socket descriptor
 * @fd: socket descriptor
-- 
cgit v1.2.3
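Review bot: `logic` is copied into `filter->logic[type]` with no range check, so a value outside the two documented logics ends up in the filter state instead of being rejected at the API boundary. A guard before the assignment would close that, e.g. `if (logic != NFCT_FILTER_POSITIVE_LOGIC && logic != NFCT_FILTER_NEGATIVE_LOGIC) { errno = EINVAL; return -1; }` (enumerator names taken from the doc comment; the enum definition is not part of this hunk). The `EBUSY` test `if (filter->logic[type])` checks truthiness, so if the positive logic is enumerator 0, as the "default" wording suggests, an explicit positive setting is not remembered and a later call can still switch the attribute to negative logic. The "only once" sentence in the comment should state that, or the function needs a separate "already set" marker. The bound `type >= NFCT_FILTER_MAX` also protects the array write only for non-negative `type`, which holds only if the compiler gives the enum an unsigned underlying type.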