\section{IP Filter}

% Short description/overview of module functions
This module allows the user to add and remove filters. The user can filter packets based on interface, protocol, outgoing address, outgoing netmask, incomming address, incomming netmask, outgoing port, incomming port, priority and type of service. There are four types of filters: ACCEPT, PRIORITY, REJECT, DROP. When creating a PRIORITY filter, it is necessary to give a priority value in a range between '-10' and '10', '0' as default priority.


\subsection{pico$\_$ipv4$\_$filter$\_$add}

\subsubsection*{Description}
Function to add a filter.

\subsubsection*{Function prototype}
\begin{verbatim}
int pico_ipv4_filter_add(struct pico_device *dev, uint8_t proto,
  struct pico_ip4 out_addr, struct pico_ip4 out_addr_netmask,
  struct pico_ip4 in_addr, struct pico_ip4 in_addr_netmask, uint16_t out_port,
  uint16_t in_port, int8_t priority, uint8_t tos, enum filter_action action);
\end{verbatim}

\subsubsection*{Parameters}
\begin{itemize}[noitemsep]
\item \texttt{dev} - interface to be filtered
\item \texttt{proto} - protocol to be filtered
\item \texttt{out$\_$addr} - outgoing address to be filtered
\item \texttt{out$\_$addr$\_$netmask} - outgoing address-netmask to be filtered
\item \texttt{in$\_$addr} - incomming address to be filtered
\item \texttt{in$\_$addr$\_$netmask} - incomming address-netmask to be filtered
\item \texttt{out$\_$port} - outgoing port to be filtered
\item \texttt{in$\_$port} - incomming port to be filtered
\item \texttt{priority} - priority to assign on the marked packet
\item \texttt{tos} - type of service to be filtered
\item \texttt{action} - type of action for the filter: ACCEPT, PRIORITY, REJECT and DROP. ACCEPT, filters all packets selected by the filter. PRIORITY is not yet implemented. REJECT drops all packets and send an ICMP message 'Packet Filtered' (Communication Administratively Prohibited). DROP will discard the packet silently.
\end{itemize}

\subsubsection*{Return value}
On success, this call returns the filter$\_$id from the generated filter. This id must be used when deleting the filter.
On error, -1 is returned and \texttt{pico$\_$err} is set appropriately.

\subsubsection*{Example}
\begin{verbatim}
/* block all incoming traffic on port 5555 */
filter_id = pico_ipv4_filter_add(NULL, 6, NULL, NULL, NULL, NULL, 0, 5555,
													0, 0, FILTER_REJECT);
\end{verbatim}

\subsubsection*{Errors}

\begin{itemize}[noitemsep]
\item \texttt{PICO$\_$ERR$\_$EINVAL} - invalid argument
\end{itemize}


\subsection{pico$\_$ipv4$\_$filter$\_$del}

\subsubsection*{Description}
Function to delete a filter.

\subsubsection*{Function prototype}
\begin{verbatim}
int pico_ipv4_filter_del(int filter_id)
\end{verbatim}

\subsubsection*{Parameters}
\begin{itemize}[noitemsep]
\item \texttt{filter$\_$id} - the id of the filter you want to delete.
\end{itemize}

\subsubsection*{Return value}
On success, this call returns 0.
On error, -1 is returned and \texttt{pico$\_$err} is set appropriately.

\subsubsection*{Errors}

\begin{itemize}[noitemsep]
\item \texttt{PICO$\_$ERR$\_$EINVAL} - invalid argument
\item \texttt{PICO$\_$ERR$\_$EPERM} - operation not permitted
\end{itemize}

\subsubsection*{Example}
\begin{verbatim}
ret = pico_ipv4_filter_del(filter_id);
\end{verbatim}


%\subsubsection*{Parameters}
%\subsubsection*{Return value}
%\subsubsection*{Errors}
%\subsubsection*{Example}