Netfilter Library (libnl-nf)

Modules
	Conntrack
	Expectation
	Log
	Queue

Socket Creating
int	nfnl_connect (struct nl_sock *sk)
	Create and connect netfilter netlink socket. More...

Sending
int	nfnl_send_simple (struct nl_sock *sk, uint8_t subsys_id, uint8_t type, int flags, uint8_t family, uint16_t res_id)
	Send trivial netfilter netlink message. More...

Message Parsing
uint8_t	nfnlmsg_subsys (struct nlmsghdr *nlh)
	Get netfilter subsystem id from message. More...
uint8_t	nfnlmsg_subtype (struct nlmsghdr *nlh)
	Get netfilter message type from message. More...
uint8_t	nfnlmsg_family (struct nlmsghdr *nlh)
	Get netfilter family from message. More...
uint16_t	nfnlmsg_res_id (struct nlmsghdr *nlh)
	Get netfilter resource id from message. More...

Message Building
struct nl_msg *	nfnlmsg_alloc_simple (uint8_t subsys_id, uint8_t type, int flags, uint8_t family, uint16_t res_id)
	Allocate a new netfilter netlink message. More...
int	nfnlmsg_put (struct nl_msg *msg, uint32_t pid, uint32_t seq, uint8_t subsys_id, uint8_t type, int flags, uint8_t family, uint16_t res_id)
	Add netlink and netfilter netlink headers to netlink message. More...

Detailed Description

Message Format

 <------- NLMSG_ALIGN(hlen) ------> <---- NLMSG_ALIGN(len) --->
+----------------------------+- - -+- - - - - - - - - - -+- - -+
|           Header           | Pad |       Payload       | Pad |
|      struct nlmsghdr       |     |                     |     |
+----------------------------+- - -+- - - - - - - - - - -+- - -+

 <-------- NFNL_HDRLEN --------->
+--------------------------+- - -+------------+
| Netfilter Netlink Header | Pad | Attributes |
|    struct nfgenmsg       |     |            |
+--------------------------+- - -+------------+
nfnlmsg_attrdata(nfg, hdrlen)-----^

1) Creating a new netfilter netlink message

struct nl_msg *msg;
 
// Create a new empty netlink message
msg = nlmsg_alloc();
 
// Append the netlink and netfilter netlink message header
hdr = nfnlmsg_put(msg, PID, SEQ, SUBSYS, TYPE, NLM_F_ECHO,
                  FAMILY, RES_ID);
 
// Append the attributes.
nla_put_u32(msg, 1, 0x10);
 
// Message is ready to be sent.
nl_send_auto_complete(sk, msg);
 
// All done? Free the message.
nlmsg_free(msg);

2) Sending of trivial messages

// For trivial messages not requiring any subsys specific header or
// attributes, nfnl_send_simple() may be used to send messages directly.
nfnl_send_simple(sk, SUBSYS, TYPE, 0, FAMILY, RES_ID);

Function Documentation

nfnl_connect()

int nfnl_connect

(

struct nl_sock *

sk

)

Create and connect netfilter netlink socket.

Parameters

sk	Netlink socket.

Creates a NETLINK_NETFILTER netlink socket, binds the socket and issues a connection attempt.

See also

nl_connect()

Returns

0 on success or a negative error code.

Definition at line 80 of file nfnl.c.

References nl_connect().

Here is the call graph for this function:

nfnl_send_simple()

int nfnl_send_simple	(	struct nl_sock *	sk,
		uint8_t	subsys_id,
		uint8_t	type,
		int	flags,
		uint8_t	family,
		uint16_t	res_id
	)

Send trivial netfilter netlink message.

Parameters

sk	Netlink socket.
subsys_id	nfnetlink subsystem
type	nfnetlink message type
flags	message flags
family	nfnetlink address family
res_id	nfnetlink resource id

Returns

0 on success or a negative error code. Due to a bug, this function returns the number of bytes sent. Treat any non-negative number as success.

Definition at line 104 of file nfnl.c.

References nl_send_simple().

Referenced by nfnl_ct_dump_request(), and nfnl_exp_dump_request().

Here is the call graph for this function:

Here is the caller graph for this function:

nfnlmsg_subsys()

uint8_t nfnlmsg_subsys

(

struct nlmsghdr *

nlh

)

Get netfilter subsystem id from message.

Parameters

nlh	netlink messsage header

Definition at line 128 of file nfnl.c.

nfnlmsg_subtype()

uint8_t nfnlmsg_subtype

(

struct nlmsghdr *

nlh

)

Get netfilter message type from message.

Parameters

nlh	netlink messsage header

Definition at line 137 of file nfnl.c.

nfnlmsg_family()

uint8_t nfnlmsg_family

(

struct nlmsghdr *

nlh

)

Get netfilter family from message.

Parameters

nlh	netlink messsage header

Definition at line 146 of file nfnl.c.

References nlmsg_data().

Here is the call graph for this function:

nfnlmsg_res_id()

uint16_t nfnlmsg_res_id

(

struct nlmsghdr *

nlh

)

Get netfilter resource id from message.

Parameters

nlh	netlink messsage header

Definition at line 157 of file nfnl.c.

References nlmsg_data().

Here is the call graph for this function:

nfnlmsg_alloc_simple()

struct nl_msg * nfnlmsg_alloc_simple	(	uint8_t	subsys_id,
		uint8_t	type,
		int	flags,
		uint8_t	family,
		uint16_t	res_id
	)

Allocate a new netfilter netlink message.

Parameters

subsys_id	nfnetlink subsystem
type	nfnetlink message type
flags	message flags
family	nfnetlink address family
res_id	nfnetlink resource id

Returns

Newly allocated netlink message or NULL.

Definition at line 197 of file nfnl.c.

References nlmsg_alloc_simple(), and nlmsg_free().

Here is the call graph for this function:

nfnlmsg_put()

int nfnlmsg_put	(	struct nl_msg *	msg,
		uint32_t	pid,
		uint32_t	seq,
		uint8_t	subsys_id,
		uint8_t	type,
		int	flags,
		uint8_t	family,
		uint16_t	res_id
	)

Add netlink and netfilter netlink headers to netlink message.

Parameters

msg	netlink message
pid	netlink process id
seq	sequence number of message
subsys_id	nfnetlink subsystem
type	nfnetlink message type
flags	message flags
family	nfnetlink address family
res_id	nfnetlink resource id

Definition at line 227 of file nfnl.c.

References nlmsg_put().

Here is the call graph for this function: