#include <sys/queue.h>

Include dependency graph for nftnlrdr_misc.h:

This graph shows which files directly or indirectly include this file:

Classes
struct	rule_t

Macros
#define	NFT_DESCR_SIZE 1024

#define	debug_rule(rule)

Typedefs
typedef struct rule_t	rule_t

Functions
	LIST_HEAD (rule_list, rule_t)

int	nft_mnl_connect (void)

void	nft_mnl_disconnect (void)

int	nft_send_rule (struct nftnl_rule *rule, uint16_t cmd, enum rule_chain_type type)

struct nftnl_rule *	rule_set_dnat (uint8_t family, const char ifname, uint8_t proto, in_addr_t rhost, unsigned short eport, in_addr_t ihost, uint32_t iport, const char descr, const char *handle)

struct nftnl_rule *	rule_set_snat (uint8_t family, uint8_t proto, in_addr_t rhost, unsigned short rport, in_addr_t ehost, unsigned short eport, in_addr_t ihost, unsigned short iport, const char descr, const char handle)

struct nftnl_rule *	rule_set_filter (uint8_t family, const char ifname, uint8_t proto, in_addr_t rhost, in_addr_t iaddr, unsigned short eport, unsigned short iport, unsigned short rport, const char descr, const char *handle)

struct nftnl_rule *	rule_set_filter6 (uint8_t family, const char ifname, uint8_t proto, struct in6_addr rhost6, struct in6_addr iaddr6, unsigned short eport, unsigned short iport, unsigned short rport, const char descr, const char *handle)

struct nftnl_rule *	rule_set_filter_common (struct nftnl_rule r, uint8_t family, const char ifname, uint8_t proto, unsigned short eport, unsigned short iport, unsigned short rport, const char descr, const char handle)

struct nftnl_rule *	rule_del_handle (rule_t *r)

int	refresh_nft_cache_filter (void)

int	refresh_nft_cache_redirect (void)

int	refresh_nft_cache_peer (void)

int	refresh_nft_cache (struct rule_list head, const char table, const char *chain, uint32_t family, enum rule_type type)

int	table_op (enum nf_tables_msg_types op, uint16_t family, const char *name)

int	chain_op (enum nf_tables_msg_types op, uint16_t family, const char table, const char name, const char *type, uint32_t hooknum, signed int priority)

struct mnl_nlmsg_batch *	start_batch (char *buf, size_t buf_size)

int	send_batch (struct mnl_nlmsg_batch *batch)

Variables
const char *	nft_table

const char *	nft_prerouting_chain

const char *	nft_postrouting_chain

const char *	nft_forward_chain

struct rule_list	head_filter

struct rule_list	head_redirect

struct rule_list	head_peer

Macro Definition Documentation

◆ debug_rule

#define debug_rule ( rule )

◆ NFT_DESCR_SIZE

#define NFT_DESCR_SIZE 1024

Typedef Documentation

◆ rule_t

typedef struct rule_t rule_t

Enumeration Type Documentation

◆ rule_chain_type

enum rule_chain_type

Enumerator
RULE_CHAIN_FILTER
RULE_CHAIN_PEER
RULE_CHAIN_REDIRECT

◆ rule_reg_type

enum rule_reg_type

Enumerator
RULE_REG_NONE
RULE_REG_IIF
RULE_REG_OIF
RULE_REG_IP_SRC_ADDR
RULE_REG_IP_DEST_ADDR
RULE_REG_IP_SD_ADDR
RULE_REG_IP6_SRC_ADDR
RULE_REG_IP6_DEST_ADDR
RULE_REG_IP6_SD_ADDR
RULE_REG_IP_PROTO
RULE_REG_IP6_PROTO
RULE_REG_TCP_DPORT
RULE_REG_TCP_SD_PORT
RULE_REG_IMM_VAL
RULE_REG_MAX

◆ rule_type

enum rule_type

Enumerator
RULE_NONE
RULE_NAT
RULE_FILTER
RULE_COUNTER

Function Documentation

◆ chain_op()

int chain_op	(	enum nf_tables_msg_types	op,
		uint16_t	family,
		const char *	table,
		const char *	name,
		const char *	type,
		uint32_t	hooknum,
		signed int	priority
	)

◆ LIST_HEAD()

LIST_HEAD	(	rule_list	,
		rule_t
	)

◆ nft_mnl_connect()

int nft_mnl_connect ( void )

called at initialization. establishes persistent connection to mnl/netfilter socket, needs elevated privilege

◆ nft_mnl_disconnect()

void nft_mnl_disconnect ( void )

called at shutdown, to release the mnl/netfilter socket

◆ nft_send_rule()

int nft_send_rule	(	struct nftnl_rule *	rule,
		uint16_t	cmd,
		enum rule_chain_type	type
	)

◆ refresh_nft_cache()

int refresh_nft_cache	(	struct rule_list *	head,
		const char *	table,
		const char *	chain,
		uint32_t	family,
		enum rule_type	type
	)

◆ refresh_nft_cache_filter()

int refresh_nft_cache_filter ( void )

◆ refresh_nft_cache_peer()

int refresh_nft_cache_peer ( void )

◆ refresh_nft_cache_redirect()

int refresh_nft_cache_redirect ( void )

◆ rule_del_handle()

struct nftnl_rule* rule_del_handle ( rule_t * r )

◆ rule_set_dnat()

struct nftnl_rule* rule_set_dnat	(	uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		in_addr_t	rhost,
		unsigned short	eport,
		in_addr_t	ihost,
		uint32_t	iport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_filter()

struct nftnl_rule* rule_set_filter	(	uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		in_addr_t	rhost,
		in_addr_t	iaddr,
		unsigned short	eport,
		unsigned short	iport,
		unsigned short	rport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_filter6()

struct nftnl_rule* rule_set_filter6	(	uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		struct in6_addr *	rhost6,
		struct in6_addr *	iaddr6,
		unsigned short	eport,
		unsigned short	iport,
		unsigned short	rport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_filter_common()

struct nftnl_rule* rule_set_filter_common	(	struct nftnl_rule *	r,
		uint8_t	family,
		const char *	ifname,
		uint8_t	proto,
		unsigned short	eport,
		unsigned short	iport,
		unsigned short	rport,
		const char *	descr,
		const char *	handle
	)

◆ rule_set_snat()

struct nftnl_rule* rule_set_snat	(	uint8_t	family,
		uint8_t	proto,
		in_addr_t	rhost,
		unsigned short	rport,
		in_addr_t	ehost,
		unsigned short	eport,
		in_addr_t	ihost,
		unsigned short	iport,
		const char *	descr,
		const char *	handle
	)

◆ send_batch()

int send_batch ( struct mnl_nlmsg_batch * batch )

return codes : 0 : OK -1 : netlink not connected -2 : mnl_socket_sendto() error -3 : mnl_socket_recvfrom() error -4 : mnl_cb_run() error

◆ start_batch()

struct mnl_nlmsg_batch* start_batch	(	char *	buf,
		size_t	buf_size
	)

the buffer that you have to use to store the batch must be double of MNL_SOCKET_BUFFER_SIZE

See also: https://www.netfilter.org/projects/libmnl/doxygen/html/group__batch.html

◆ table_op()

int table_op	(	enum nf_tables_msg_types	op,
		uint16_t	family,
		const char *	name
	)

Variable Documentation

◆ head_filter

struct rule_list head_filter

◆ head_peer

struct rule_list head_peer

◆ head_redirect

struct rule_list head_redirect

◆ nft_forward_chain

const char* nft_forward_chain

◆ nft_postrouting_chain

const char* nft_postrouting_chain

◆ nft_prerouting_chain

const char* nft_prerouting_chain

◆ nft_table

const char* nft_table

Enumerations
enum	rule_reg_type { RULE_REG_NONE, RULE_REG_IIF, RULE_REG_OIF, RULE_REG_IP_SRC_ADDR, RULE_REG_IP_DEST_ADDR, RULE_REG_IP_SD_ADDR, RULE_REG_IP6_SRC_ADDR, RULE_REG_IP6_DEST_ADDR, RULE_REG_IP6_SD_ADDR, RULE_REG_IP_PROTO, RULE_REG_IP6_PROTO, RULE_REG_TCP_DPORT, RULE_REG_TCP_SD_PORT, RULE_REG_IMM_VAL, RULE_REG_MAX }

enum	rule_type { RULE_NONE, RULE_NAT, RULE_FILTER, RULE_COUNTER }

enum	rule_chain_type { RULE_CHAIN_FILTER, RULE_CHAIN_PEER, RULE_CHAIN_REDIRECT }

Classes

Macros

Typedefs

Enumerations

Functions

Variables