Low level object to Netlink message

Functions
int	nfct_build_conntrack (struct nfnl_subsys_handle *ssh, void *req, size_t size, uint16_t type, uint16_t flags, const struct nf_conntrack *ct)
int	nfct_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
int	nfct_parse_conntrack (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_conntrack *ct)
int	nfexp_build_expect (struct nfnl_subsys_handle *ssh, void *req, size_t size, uint16_t type, uint16_t flags, const struct nf_expect *exp)
int	nfexp_build_query (struct nfnl_subsys_handle *ssh, const enum nf_conntrack_query qt, const void *data, void *buffer, unsigned int size)
int	nfexp_parse_expect (enum nf_conntrack_msg_type type, const struct nlmsghdr *nlh, struct nf_expect *exp)

Detailed Description

Function Documentation

int nfct_build_conntrack	(	struct nfnl_subsys_handle *	ssh,
		void *	req,
		size_t	size,
		uint16_t	type,
		uint16_t	flags,
		const struct nf_conntrack *	ct
	)

nfct_build_conntrack - build a netlink message from a conntrack object

Parameters

ssh	nfnetlink subsystem handler
req	buffer used to build the netlink message
size	size of the buffer passed
type	netlink message type
flags	netlink flags
ct	pointer to a conntrack object

This is a low level function for those that require to be close to netlink details via libnfnetlink. If you do want to obviate the netlink details then we suggest you to use nfct_query.

On error, -1 is returned and errno is appropiately set. On success, 0 is returned.

Definition at line 770 of file conntrack/api.c.

int nfct_build_query	(	struct nfnl_subsys_handle *	ssh,
		const enum nf_conntrack_query	qt,
		const void *	data,
		void *	buffer,
		unsigned int	size
	)

nfct_build_query - build a query in netlink message format for ctnetlink

Parameters

ssh	nfnetlink subsystem handler
qt	query type
data	data required to build the query
req	buffer to build the netlink message
size	size of the buffer passed

This is a low level function, use it if you want to require to work with netlink details via libnfnetlink, otherwise we suggest you to use nfct_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types:

• NFCT_Q_CREATE: add a new conntrack, if it exists, fail
• NFCT_O_CREATE_UPDATE: add a new conntrack, if it exists, update it
• NFCT_Q_UPDATE: update a conntrack
• NFCT_Q_DESTROY: destroy a conntrack
• NFCT_Q_GET: get a conntrack

Pass a valid pointer to a conntrack object.

For query types:

• NFCT_Q_FLUSH: flush the conntrack table
• NFCT_Q_DUMP: dump the conntrack table
• NFCT_Q_DUMP_RESET: dump the conntrack table and reset counters
• NFCT_Q_DUMP_FILTER: dump the conntrack table
• NFCT_Q_DUMP_FILTER_RESET: dump the conntrack table and reset counters

Pass a valid pointer to the protocol family (uint32_t)

On success, 0 is returned. On error, -1 is returned and errno is set appropiately.

Definition at line 874 of file conntrack/api.c.

int nfct_parse_conntrack	(	enum nf_conntrack_msg_type	type,
		const struct nlmsghdr *	nlh,
		struct nf_conntrack *	ct
	)

nfct_parse_conntrack - translate a netlink message to a conntrack object

Parameters

type	do the translation iif the message type is of a certain type
nlh	pointer to the netlink message
ct	pointer to the conntrack object

This is a low level function, use it in case that you require to work with netlink details via libnfnetlink. Otherwise, we suggest you to use the high level API.

The message types are:

• NFCT_T_NEW: parse messages with new conntracks
• NFCT_T_UPDATE: parse messages with conntrack updates
• NFCT_T_DESTROY: parse messages with conntrack destroy
• NFCT_T_ALL: all message types

The message type is a flag, therefore the can be combined, ie. NFCT_T_NEW | NFCT_T_DESTROY to parse only new and destroy messages

On error, NFCT_T_ERROR is returned and errno is set appropiately. If the message received is not of the requested type then 0 is returned, otherwise this function returns the message type parsed.

Definition at line 907 of file conntrack/api.c.

int nfexp_build_expect	(	struct nfnl_subsys_handle *	ssh,
		void *	req,
		size_t	size,
		uint16_t	type,
		uint16_t	flags,
		const struct nf_expect *	exp
	)

nfexp_build_expect - build a netlink message from a conntrack object

Parameters

ssh	nfnetlink subsystem handler
req	buffer used to build the netlink message
size	size of the buffer passed
type	netlink message type
flags	netlink flags
exp	pointer to a conntrack object

This is a low level function for those that require to be close to netlink details via libnfnetlink. If you do want to obviate the netlink details then we suggest you to use nfexp_query.

On error, -1 is returned and errno is appropiately set. On success, 0 is returned.

Definition at line 504 of file expect/api.c.

int nfexp_build_query	(	struct nfnl_subsys_handle *	ssh,
		const enum nf_conntrack_query	qt,
		const void *	data,
		void *	buffer,
		unsigned int	size
	)

nfexp_build_query - build a query in netlink message format for ctnetlink

Parameters

ssh	nfnetlink subsystem handler
qt	query type
data	data required to build the query
req	buffer to build the netlink message
size	size of the buffer passed

This is a low level function, use it if you want to require to work with netlink details via libnfnetlink, otherwise we suggest you to use nfexp_query.

The pointer to data can be a conntrack object or the protocol family depending on the request.

For query types: NFEXP_Q_CREATE NFEXP_Q_DESTROY

Pass a valid pointer to an expectation object.

For query types: NFEXP_Q_FLUSH NFEXP_Q_DUMP

Pass a valid pointer to the protocol family (uint8_t)

On success, 0 is returned. On error, -1 is returned and errno is set appropiately.

Definition at line 588 of file expect/api.c.

int nfexp_parse_expect	(	enum nf_conntrack_msg_type	type,
		const struct nlmsghdr *	nlh,
		struct nf_expect *	exp
	)

nfexp_parse_expect - translate a netlink message to a conntrack object

Parameters

type	do the translation iif the message type is of a certain type
nlh	pointer to the netlink message
exp	pointer to the conntrack object

This is a low level function, use it in case that you require to work with netlink details via libnfnetlink. Otherwise, we suggest you to use the high level API.

The message types are:

NFEXP_T_NEW: parse messages with new conntracks NFEXP_T_UPDATE: parse messages with conntrack updates NFEXP_T_DESTROY: parse messages with conntrack destroy NFEXP_T_ALL: all message types

The message type is a flag, therefore the can be combined, ie. NFEXP_T_NEW | NFEXP_T_DESTROY to parse only new and destroy messages

On error, NFEXP_T_ERROR is returned and errno is set appropiately. If the message received is not of the requested type then 0 is returned, otherwise this function returns the message type parsed.

Definition at line 621 of file expect/api.c.