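/*
 * filter.h - declarations for the conntrack filter (ct_filter) and the
 * expectation filter (exp_filter).
 *
 * Both filter objects are opaque in this header; only the hash-node and
 * netmask record layouts are exposed.
 */
/*
 * NOTE(review): an identifier starting with an underscore followed by an
 * uppercase letter is reserved for the implementation in C. The guard name
 * is kept as-is because other files may test it.
 */
#ifndef _FILTER_H_
#define _FILTER_H_

#include <stdint.h>
#include <string.h>
#include <netinet/in.h>
#include <hash.h>

/* Category of attribute that a filter rule applies to. */
enum ct_filter_type {
	CT_FILTER_L4PROTO,
	CT_FILTER_STATE,
	CT_FILTER_ADDRESS,	/* also for netmask */
	CT_FILTER_MAX		/* number of filter types; not a type itself */
};

/*
 * Matching polarity for one filter type, set via ct_filter_set_logic().
 * NOTE(review): presumably NEGATIVE drops matching entries and POSITIVE
 * keeps only matching entries -- confirm against the implementation.
 */
enum ct_filter_logic {
	CT_FILTER_NEGATIVE = 0,
	CT_FILTER_POSITIVE = 1,
};

/* Hash table entry holding a single IPv4 address (32 bits). */
struct ct_filter_ipv4_hnode {
	struct hashtable_node node;
	uint32_t ip;		/* byte order is not visible here -- TODO confirm */
};

/* Hash table entry holding a single IPv6 address (4 x 32 bits). */
struct ct_filter_ipv6_hnode {
	struct hashtable_node node;
	uint32_t ipv6[4];
};

/* IPv4 network/mask pair, the record type for netmask rules. */
struct ct_filter_netmask_ipv4 {
	uint32_t ip;
	uint32_t mask;
};

/* IPv6 network/mask pair, the record type for netmask rules. */
struct ct_filter_netmask_ipv6 {
	uint32_t ip[4];
	uint32_t mask[4];
};

struct nf_conntrack;
struct ct_filter;

/*
 * Allocate a filter / release one obtained from ct_filter_create().
 * NOTE(review): ct_filter_create() presumably returns NULL on failure;
 * callers should check before use -- confirm.
 */
struct ct_filter *ct_filter_create(void);
void ct_filter_destroy(struct ct_filter *filter);

/*
 * Add an address or a network/mask rule to the filter.
 *
 * `data` is untyped, so the compiler cannot check that the buffer matches
 * `family`. NOTE(review): presumably `family` (AF_INET / AF_INET6) selects
 * how many bytes are read from `data` and which of the structures above it
 * is interpreted as; a caller passing a shorter buffer than the family
 * implies would cause an out-of-bounds read. Confirm in the implementation
 * and validate `family` at every call site that takes it from configuration.
 * The meaning of the int return value is not visible in this header.
 */
int ct_filter_add_ip(struct ct_filter *filter, void *data, uint8_t family);
int ct_filter_add_netmask(struct ct_filter *filter, void *data, uint8_t family);

/*
 * Add a layer-4 protocol / a per-protocol state to the filter.
 *
 * Both return void, so an out-of-range `protonum` or `state` cannot be
 * reported to the caller. NOTE(review): confirm the implementation
 * range-checks these ints before using them as an index or bit position.
 */
void ct_filter_add_proto(struct ct_filter *filter, int protonum);
void ct_filter_add_state(struct ct_filter *f, int protonum, int state);

/* Select positive or negative matching for one filter type. */
void ct_filter_set_logic(struct ct_filter *f,
			 enum ct_filter_type type,
			 enum ct_filter_logic logic);

/*
 * Evaluate a conntrack entry against the filter.
 *
 * No filter handle is passed, so the filter consulted comes from state
 * that is not visible in this header. NOTE(review): the return convention
 * (which value means "filtered out") and the meaning of `userspace` are
 * not shown here -- confirm before using the result in a conditional.
 */
int ct_filter_conntrack(const struct nf_conntrack *ct, int userspace);

struct exp_filter;
struct nf_expect;

/*
 * Expectation filter: create one, register helper names, and look up an
 * expectation. No destroy counterpart is declared in this header.
 * NOTE(review): whether exp_filter_add() copies `helper_name` or keeps the
 * caller's pointer is not visible here -- confirm the ownership rule.
 */
struct exp_filter *exp_filter_create(void);
int exp_filter_add(struct exp_filter *f, const char *helper_name);
int exp_filter_find(struct exp_filter *f, const struct nf_expect *exp);

#endif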