1\section{IP Filter} 2 3% Short description/overview of module functions 4This module allows the user to add and remove filters. The user can filter packets based on interface, protocol, outgoing address, outgoing netmask, incomming address, incomming netmask, outgoing port, incomming port, priority and type of service. There are four types of filters: ACCEPT, PRIORITY, REJECT, DROP. When creating a PRIORITY filter, it is necessary to give a priority value in a range between '-10' and '10', '0' as default priority. 5 6 7\subsection{pico$\_$ipv4$\_$filter$\_$add} 8 9\subsubsection*{Description} 10Function to add a filter. 11 12\subsubsection*{Function prototype} 13\begin{verbatim} 14int pico_ipv4_filter_add(struct pico_device *dev, uint8_t proto, 15 struct pico_ip4 out_addr, struct pico_ip4 out_addr_netmask, 16 struct pico_ip4 in_addr, struct pico_ip4 in_addr_netmask, uint16_t out_port, 17 uint16_t in_port, int8_t priority, uint8_t tos, enum filter_action action); 18\end{verbatim} 19 20\subsubsection*{Parameters} 21\begin{itemize}[noitemsep] 22\item \texttt{dev} - interface to be filtered 23\item \texttt{proto} - protocol to be filtered 24\item \texttt{out$\_$addr} - outgoing address to be filtered 25\item \texttt{out$\_$addr$\_$netmask} - outgoing address-netmask to be filtered 26\item \texttt{in$\_$addr} - incomming address to be filtered 27\item \texttt{in$\_$addr$\_$netmask} - incomming address-netmask to be filtered 28\item \texttt{out$\_$port} - outgoing port to be filtered 29\item \texttt{in$\_$port} - incomming port to be filtered 30\item \texttt{priority} - priority to assign on the marked packet 31\item \texttt{tos} - type of service to be filtered 32\item \texttt{action} - type of action for the filter: ACCEPT, PRIORITY, REJECT and DROP. ACCEPT, filters all packets selected by the filter. PRIORITY is not yet implemented. REJECT drops all packets and send an ICMP message 'Packet Filtered' (Communication Administratively Prohibited). DROP will discard the packet silently. 33\end{itemize} 34 35\subsubsection*{Return value} 36On success, this call returns the filter$\_$id from the generated filter. This id must be used when deleting the filter. 37On error, -1 is returned and \texttt{pico$\_$err} is set appropriately. 38 39\subsubsection*{Example} 40\begin{verbatim} 41/* block all incoming traffic on port 5555 */ 42filter_id = pico_ipv4_filter_add(NULL, 6, NULL, NULL, NULL, NULL, 0, 5555, 43 0, 0, FILTER_REJECT); 44\end{verbatim} 45 46\subsubsection*{Errors} 47 48\begin{itemize}[noitemsep] 49\item \texttt{PICO$\_$ERR$\_$EINVAL} - invalid argument 50\end{itemize} 51 52 53\subsection{pico$\_$ipv4$\_$filter$\_$del} 54 55\subsubsection*{Description} 56Function to delete a filter. 57 58\subsubsection*{Function prototype} 59\begin{verbatim} 60int pico_ipv4_filter_del(int filter_id) 61\end{verbatim} 62 63\subsubsection*{Parameters} 64\begin{itemize}[noitemsep] 65\item \texttt{filter$\_$id} - the id of the filter you want to delete. 66\end{itemize} 67 68\subsubsection*{Return value} 69On success, this call returns 0. 70On error, -1 is returned and \texttt{pico$\_$err} is set appropriately. 71 72\subsubsection*{Errors} 73 74\begin{itemize}[noitemsep] 75\item \texttt{PICO$\_$ERR$\_$EINVAL} - invalid argument 76\item \texttt{PICO$\_$ERR$\_$EPERM} - operation not permitted 77\end{itemize} 78 79\subsubsection*{Example} 80\begin{verbatim} 81ret = pico_ipv4_filter_del(filter_id); 82\end{verbatim} 83 84 85%\subsubsection*{Parameters} 86%\subsubsection*{Return value} 87%\subsubsection*{Errors} 88%\subsubsection*{Example} 89 90