Functions
struct nf_conntrack *	nfct_new (void)

void	nfct_destroy (struct nf_conntrack *ct)

size_t	nfct_sizeof (const struct nf_conntrack *ct)

size_t	nfct_maxsize (void)

struct nf_conntrack *	nfct_clone (const struct nf_conntrack *ct)

int	nfct_setobjopt (struct nf_conntrack *ct, unsigned int option)

int	nfct_getobjopt (const struct nf_conntrack *ct, unsigned int option)

void	nfct_set_attr_l (struct nf_conntrack ct, const enum nf_conntrack_attr type, const void value, size_t len)

void	nfct_set_attr (struct nf_conntrack ct, const enum nf_conntrack_attr type, const void value)

void	nfct_set_attr_u8 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint8_t value)

void	nfct_set_attr_u16 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint16_t value)

void	nfct_set_attr_u32 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint32_t value)

void	nfct_set_attr_u64 (struct nf_conntrack *ct, const enum nf_conntrack_attr type, uint64_t value)

const void *	nfct_get_attr (const struct nf_conntrack *ct, const enum nf_conntrack_attr type)

uint8_t	nfct_get_attr_u8 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type)

uint16_t	nfct_get_attr_u16 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type)

uint32_t	nfct_get_attr_u32 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type)

uint64_t	nfct_get_attr_u64 (const struct nf_conntrack *ct, const enum nf_conntrack_attr type)

int	nfct_attr_is_set (const struct nf_conntrack *ct, const enum nf_conntrack_attr type)

int	nfct_attr_is_set_array (const struct nf_conntrack ct, const enum nf_conntrack_attr type_array, int size)

int	nfct_attr_unset (struct nf_conntrack *ct, const enum nf_conntrack_attr type)

void	nfct_set_attr_grp (struct nf_conntrack ct, const enum nf_conntrack_attr_grp type, const void data)

int	nfct_get_attr_grp (const struct nf_conntrack ct, const enum nf_conntrack_attr_grp type, void data)

int	nfct_attr_grp_is_set (const struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type)

int	nfct_attr_grp_unset (struct nf_conntrack *ct, const enum nf_conntrack_attr_grp type)

int	nfct_snprintf (char buf, unsigned int size, const struct nf_conntrack ct, unsigned int msg_type, unsigned int out_type, unsigned int flags)

int	nfct_snprintf_labels (char buf, unsigned int size, const struct nf_conntrack ct, unsigned int msg_type, unsigned int out_type, unsigned int flags, struct nfct_labelmap *map)

int	nfct_compare (const struct nf_conntrack ct1, const struct nf_conntrack ct2)

int	nfct_cmp (const struct nf_conntrack ct1, const struct nf_conntrack ct2, unsigned int flags)

void	nfct_copy (struct nf_conntrack ct1, const struct nf_conntrack ct2, unsigned int flags)

void	nfct_copy_attr (struct nf_conntrack ct1, const struct nf_conntrack ct2, const enum nf_conntrack_attr type)

Detailed Description

Function Documentation

int nfct_attr_grp_is_set	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr_grp	type
	)

nfct_attr_grp_is_set - check if an attribute group is set

Parameters

ct	pointer to a valid conntrack object
type	attribute group (see ATTR_GRP_*)

If the attribute group is set, this function returns 1, otherwise 0.

Definition at line 694 of file conntrack/api.c.

int nfct_attr_grp_unset	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr_grp	type
	)

nfct_attr_grp_unset - unset an attribute group

Parameters

ct	pointer to a valid conntrack object
type	attribute group (see ATTR_GRP_*)

On error, it returns -1 and errno is appropriately set. On success, this function returns 0.

Definition at line 730 of file conntrack/api.c.

int nfct_attr_is_set	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_attr_is_set - check if a certain attribute is set

Parameters

ct	pointer to a valid conntrack object
type	attribute type

On error, -1 is returned and errno is set appropiately, otherwise the value of the attribute is returned.

Definition at line 558 of file conntrack/api.c.

int nfct_attr_is_set_array	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr *	type_array,
		int	size
	)

nfct_attr_is_set_array - check if an array of attribute types is set

Parameters

ct	pointer to a valid conntrack object
array	attribute type array
size	size of the array

On error, -1 is returned and errno is set appropiately, otherwise the value of the attribute is returned.

Definition at line 579 of file conntrack/api.c.

int nfct_attr_unset	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_attr_unset - unset a certain attribute

Parameters

type	attribute type
ct	pointer to a valid conntrack object

On error, -1 is returned and errno is set appropiately, otherwise 0 is returned.

Definition at line 606 of file conntrack/api.c.

struct nf_conntrack* nfct_clone ( const struct nf_conntrack * ct )

nfct_clone - clone a conntrack object

Parameters

ct	pointer to a valid conntrack object

On error, NULL is returned and errno is appropiately set. Otherwise, a valid pointer to the clone conntrack is returned.

Definition at line 147 of file conntrack/api.c.

int nfct_cmp	(	const struct nf_conntrack *	ct1,
		const struct nf_conntrack *	ct2,
		unsigned int	flags
	)

nfct_cmp - compare two conntrack objects

Parameters

ct1	pointer to a valid conntrack object
ct2	pointer to a valid conntrack object
flags	flags

This function only compare attribute set in both objects, by default the comparison is not strict, ie. if a certain attribute is not set in one of the objects, then such attribute is not used in the comparison. If you want more strict comparisons, you can use the appropriate flags to modify this behaviour (see NFCT_CMP_STRICT and NFCT_CMP_MASK).

The available flags are:

    - NFCT_CMP_STRICT: the compared objects must have the same attributes
    and the same values, otherwise it returns that the objects are 
    different.
    - NFCT_CMP_MASK: the first object is used as mask, this means that 
    if an attribute is present in ct1 but not in ct2, this function 
    returns that the objects are different.
    - NFCT_CMP_ALL: full comparison of both objects
    - NFCT_CMP_ORIG: it only compares the source and destination address;
    source and destination ports; the layer 3 and 4 protocol numbers
    of the original direction; and the id (if present).
    - NFCT_CMP_REPL: like NFCT_CMP_REPL but it compares the flow
    information that goes in the reply direction.
    - NFCT_CMP_TIMEOUT_EQ: timeout(ct1) == timeout(ct2)
    - NFCT_CMP_TIMEOUT_GT: timeout(ct1) > timeout(ct2)
    - NFCT_CMP_TIMEOUT_LT: timeout(ct1) < timeout(ct2)
    - NFCT_CMP_TIMEOUT_GE: timeout(ct1) >= timeout(ct2)
    - NFCT_CMP_TIMEOUT_LE: timeout(ct1) <= timeout(ct2)

The status bits comparison is status(ct1) & status(ct2) == status(ct1).

If both conntrack object are equal, this function returns 1, otherwise 0 is returned.

Definition at line 1175 of file conntrack/api.c.

int nfct_compare	(	const struct nf_conntrack *	ct1,
		const struct nf_conntrack *	ct2
	)

nfct_compare - compare two conntrack objects

Parameters

ct1	pointer to a valid conntrack object
ct2	pointer to a valid conntrack object

This function only compare attribute set in both objects, ie. if a certain attribute is not set in ct1 but it is in ct2, then the value of such attribute is not used in the comparison.

If both conntrack object are equal, this function returns 1, otherwise 0 is returned.

NOTICE: The use nfct_cmp is preferred.

Definition at line 1129 of file conntrack/api.c.

void nfct_copy	(	struct nf_conntrack *	ct1,
		const struct nf_conntrack *	ct2,
		unsigned int	flags
	)

nfct_copy - copy part of one source object to another

Parameters

ct1	destination object
ct2	source object
flags	flags

This function copies one part of the source object to the target. It behaves like clone but:

1) You have to pass an already allocated space for the target object 2) You can copy only a part of the source object to the target

The current supported flags are:

NFCT_CP_ALL: that copies the object entirely.
NFCT_CP_ORIG and NFCT_CP_REPL: that can be used to copy the information that identifies a flow in the original and the reply direction. This information is usually composed of: source and destination IP address; source and destination ports; layer 3 and 4 protocol number.
NFCT_CP_META: that copies the metainformation (all the attributes >= ATTR_TCP_STATE)

NFCT_CP_OVERRIDE: changes the default behaviour of nfct_copy() since it overrides the destination object. After the copy, the destination is a clone of the origin. This flag provides faster copying.

Definition at line 1210 of file conntrack/api.c.

void nfct_copy_attr	(	struct nf_conntrack *	ct1,
		const struct nf_conntrack *	ct2,
		const enum nf_conntrack_attr	type
	)

nfct_copy_attr - copy an attribute of one source object to another

Parameters

ct1	destination object
ct2	source object
flags	flags

This function copies one attribute (if present) to another object.

Definition at line 1300 of file conntrack/api.c.

void nfct_destroy ( struct nf_conntrack * ct )

nf_conntrack_destroy - release a conntrack object

Parameters

ct	pointer to the conntrack object

Definition at line 92 of file conntrack/api.c.

const void* nfct_get_attr	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_get_attr - get a conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type

In case of success a valid pointer to the attribute requested is returned, on error NULL is returned and errno is set appropiately.

Definition at line 466 of file conntrack/api.c.

int nfct_get_attr_grp	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr_grp	type,
		void *	data
	)

nfct_get_attr_grp - get an attribute group

Parameters

ct	pointer to a valid conntrack object
type	attribute group (see ATTR_GRP_*)
data	pointer to struct (see struct nfct_attr_grp_*)

On error, it returns -1 and errno is appropriately set. On success, the data pointer contains the attribute group.

Definition at line 654 of file conntrack/api.c.

uint16_t nfct_get_attr_u16	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_get_attr_u16 - get attribute of unsigned 16-bits long

Parameters

ct	pointer to a valid conntrack
type	attribute type

Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.

Definition at line 511 of file conntrack/api.c.

uint32_t nfct_get_attr_u32	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_get_attr_u32 - get attribute of unsigned 32-bits long

Parameters

ct	pointer to a valid conntrack
type	attribute type

Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.

Definition at line 527 of file conntrack/api.c.

uint64_t nfct_get_attr_u64	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_get_attr_u64 - get attribute of unsigned 32-bits long

Parameters

ct	pointer to a valid conntrack
type	attribute type

Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.

Definition at line 543 of file conntrack/api.c.

uint8_t nfct_get_attr_u8	(	const struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type
	)

nfct_get_attr_u8 - get attribute of unsigned 8-bits long

Parameters

ct	pointer to a valid conntrack
type	attribute type

Returns the value of the requested attribute, if the attribute is not set, 0 is returned. In order to check if the attribute is set or not, use nfct_attr_is_set.

Definition at line 495 of file conntrack/api.c.

int nfct_getobjopt	(	const struct nf_conntrack *	ct,
		unsigned int	option
	)

nfct_getobjopt - get a certain option for a conntrack object

Parameters

ct	conntrack object
option	option parameter

In case of error, -1 is returned and errno is appropiately set. On success, 0 is returned.

Definition at line 188 of file conntrack/api.c.

size_t nfct_maxsize ( void )

nfct_maxsize - return the maximum size in bytes of a conntrack object

Use this function if you want to allocate a conntrack object in the stack instead of the heap. For example:

        char buf[nfct_maxsize()];
        struct nf_conntrack *ct = (struct nf_conntrack *) buf;
        memset(ct, 0, nfct_maxsize());

Note: As for now this function returns the same size that nfct_sizeof(ct) does although this could change in the future. Therefore, do not assume that nfct_sizeof(ct) == nfct_maxsize().

This function is DEPRECATED, don't use it in your code.

Definition at line 135 of file conntrack/api.c.

struct nf_conntrack* nfct_new ( void )

nfct_conntrack_new - allocate a new conntrack

In case of success, this function returns a valid pointer to a memory blob, otherwise NULL is returned and errno is set appropiately.

Definition at line 75 of file conntrack/api.c.

void nfct_set_attr	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type,
		const void *	value
	)

nfct_set_attr - set the value of a certain conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type
value	pointer to the attribute value

Note that certain attributes are unsettable:

ATTR_USE
ATTR_ID
ATTR_*_COUNTER_*

ATTR_SECCTX

ATTR_TIMESTAMP_* The call of this function for such attributes do nothing.

Definition at line 398 of file conntrack/api.c.

void nfct_set_attr_grp	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr_grp	type,
		const void *	data
	)

nfct_set_attr_grp - set a group of attributes

Parameters

ct	pointer to a valid conntrack object
type	attribute group (see ATTR_GRP_*)
data	pointer to struct (see struct nfct_attr_grp_*)

Note that calling this function for ATTR_GRP_COUNTER_* and ATTR_GRP_ADDR_* have no effect.

Definition at line 629 of file conntrack/api.c.

void nfct_set_attr_l	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type,
		const void *	value,
		size_t	len
	)

nfct_set_attr_l - set the value of a certain conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type
pointer	to attribute value
length	of attribute value (in bytes)

Definition at line 369 of file conntrack/api.c.

void nfct_set_attr_u16	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type,
		uint16_t	value
	)

nfct_set_attr_u16 - set the value of a certain conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type
value	unsigned 16 bits attribute value

Definition at line 425 of file conntrack/api.c.

void nfct_set_attr_u32	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type,
		uint32_t	value
	)

nfct_set_attr_u32 - set the value of a certain conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type
value	unsigned 32 bits attribute value

Definition at line 438 of file conntrack/api.c.

void nfct_set_attr_u64	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type,
		uint64_t	value
	)

nfct_set_attr_u64 - set the value of a certain conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type
value	unsigned 64 bits attribute value

Definition at line 451 of file conntrack/api.c.

void nfct_set_attr_u8	(	struct nf_conntrack *	ct,
		const enum nf_conntrack_attr	type,
		uint8_t	value
	)

nfct_set_attr_u8 - set the value of a certain conntrack attribute

Parameters

ct	pointer to a valid conntrack
type	attribute type
value	unsigned 8 bits attribute value

Definition at line 412 of file conntrack/api.c.

int nfct_setobjopt	(	struct nf_conntrack *	ct,
		unsigned int	option
	)

nfct_setobjopt - set a certain option for a conntrack object

Parameters

ct	conntrack object
option	option parameter

In case of error, -1 is returned and errno is appropiately set. On success, 0 is returned.

Definition at line 168 of file conntrack/api.c.

size_t nfct_sizeof ( const struct nf_conntrack * ct )

nf_sizeof - return the size in bytes of a certain conntrack object

Parameters

ct	pointer to the conntrack object

This function is DEPRECATED, don't use it in your code.

Definition at line 113 of file conntrack/api.c.

int nfct_snprintf	(	char *	buf,
		unsigned int	size,
		const struct nf_conntrack *	ct,
		unsigned int	msg_type,
		unsigned int	out_type,
		unsigned int	flags
	)

nfct_snprintf - print a conntrack object to a buffer

Parameters

buf	buffer used to build the printable conntrack
size	size of the buffer
ct	pointer to a valid conntrack object
message_type	print message type (NFCT_T_UNKNOWN, NFCT_T_NEW,...)
output_type	print type (NFCT_O_DEFAULT, NFCT_O_XML, ...)
flags	extra flags for the output type (NFCT_OF_LAYER3)

If you are listening to events, probably you want to display the message type as well. In that case, set the message type parameter to any of the known existing types, ie. NFCT_T_NEW, NFCT_T_UPDATE, NFCT_T_DESTROY. If you pass NFCT_T_UNKNOWN, the message type will not be output.

Currently, the output available are:

NFCT_O_DEFAULT: default /proc-like output
NFCT_O_XML: XML output

The output flags are:

NFCT_OF_SHOW_LAYER3: include layer 3 information in the output, this is only required by NFCT_O_DEFAULT.
NFCT_OF_TIME: display current time.
NFCT_OF_ID: display the ID number.
NFCT_OF_TIMESTAMP: display creation and (if exists) deletion time.

To use NFCT_OF_TIMESTAMP, you have to:

 *  $ echo 1 > /proc/sys/net/netfilter/nf_conntrack_timestamp

This requires a Linux kernel >= 2.6.38.

Note that NFCT_OF_TIME displays the current time when nfct_snprintf() has been called. Thus, it can be used to know when a flow was destroy if you print the message just after you receive the destroy event. If you want more accurate timestamping, use NFCT_OF_TIMESTAMP.

This function returns the size of the information that would have been written to the buffer, even if there was no room for it. Thus, the behaviour is similar to snprintf.

Definition at line 1076 of file conntrack/api.c.

int nfct_snprintf_labels	(	char *	buf,
		unsigned int	size,
		const struct nf_conntrack *	ct,
		unsigned int	msg_type,
		unsigned int	out_type,
		unsigned int	flags,
		struct nfct_labelmap *	map
	)

nfct_snprintf_labels - print a bitmask object to a buffer including labels

Parameters

buf	buffer used to build the printable conntrack
size	size of the buffer
ct	pointer to a valid conntrack object
message_type	print message type (NFCT_T_UNKNOWN, NFCT_T_NEW,...)
output_type	print type (NFCT_O_DEFAULT, NFCT_O_XML, ...)
flags	extra flags for the output type (NFCT_OF_LAYER3)
map	nfct_labelmap describing the connlabel translation, or NULL.

When map is NULL, the function is equal to nfct_snprintf(). Otherwise, if the conntrack object has a connlabel attribute, the active labels are translated using the label map and added to the buffer.

Definition at line 1104 of file conntrack/api.c.

Functions

Detailed Description

Function Documentation