Zephyr API Documentation 4.0.0
A Scalable Open Source RTOS
Network packet filtering public header file.
#include <limits.h>
#include <stdbool.h>
#include <zephyr/sys/slist.h>
#include <zephyr/net/net_core.h>
#include <zephyr/net/ethernet.h>
Data Structures
struct npf_test
    Common filter test structure to be embedded into larger structures.
struct npf_rule
    Filter rule structure.
struct npf_rule_list
    Rule set for a given test location.
Macros
#define NPF_RULE(_name, _result, ...)
    Statically define one packet filter rule.
#define NPF_IFACE_MATCH(_name, _iface)
    Statically define an "interface match" packet filter condition.
#define NPF_IFACE_UNMATCH(_name, _iface)
    Statically define an "interface unmatch" packet filter condition.
#define NPF_ORIG_IFACE_MATCH(_name, _iface)
    Statically define an "orig interface match" packet filter condition.
#define NPF_ORIG_IFACE_UNMATCH(_name, _iface)
    Statically define an "orig interface unmatch" packet filter condition.
#define NPF_SIZE_MIN(_name, _size)
    Statically define a "data minimum size" packet filter condition.
#define NPF_SIZE_MAX(_name, _size)
    Statically define a "data maximum size" packet filter condition.
#define NPF_SIZE_BOUNDS(_name, _min_size, _max_size)
    Statically define a "data bounded size" packet filter condition.
#define NPF_IP_SRC_ADDR_ALLOWLIST(_name, _ip_addr_array, _ip_addr_num, _af)
    Statically define an "IP address allowlist" packet filter condition.
#define NPF_IP_SRC_ADDR_BLOCKLIST(_name, _ip_addr_array, _ip_addr_num, _af)
    Statically define an "IP address blocklist" packet filter condition.
#define NPF_ETH_SRC_ADDR_MATCH(_name, _addr_array)
    Statically define a "source address match" packet filter condition.
#define NPF_ETH_SRC_ADDR_UNMATCH(_name, _addr_array)
    Statically define a "source address unmatch" packet filter condition.
#define NPF_ETH_DST_ADDR_MATCH(_name, _addr_array)
    Statically define a "destination address match" packet filter condition.
#define NPF_ETH_DST_ADDR_UNMATCH(_name, _addr_array)
    Statically define a "destination address unmatch" packet filter condition.
#define NPF_ETH_SRC_ADDR_MASK_MATCH(_name, _addr_array, ...)
    Statically define a "source address match with mask" packet filter condition.
#define NPF_ETH_DST_ADDR_MASK_MATCH(_name, _addr_array, ...)
    Statically define a "destination address match with mask" packet filter condition.
#define NPF_ETH_TYPE_MATCH(_name, _type)
    Statically define an "Ethernet type match" packet filter condition.
#define NPF_ETH_TYPE_UNMATCH(_name, _type)
    Statically define an "Ethernet type unmatch" packet filter condition.
Functions
void npf_insert_rule(struct npf_rule_list *rules, struct npf_rule *rule)
    Insert a rule at the front of the given rule list.
void npf_append_rule(struct npf_rule_list *rules, struct npf_rule *rule)
    Append a rule at the end of the given rule list.
bool npf_remove_rule(struct npf_rule_list *rules, struct npf_rule *rule)
    Remove a rule from the given rule list.
bool npf_remove_all_rules(struct npf_rule_list *rules)
    Remove all rules from the given rule list.
Variables
struct npf_rule npf_default_ok
    Default rule list termination for accepting a packet.
struct npf_rule npf_default_drop
    Default rule list termination for rejecting a packet.
struct npf_rule_list npf_send_rules
    Rule list applied to outgoing packets.
struct npf_rule_list npf_recv_rules
    Rule list applied to incoming packets.
struct npf_rule_list npf_local_in_recv_rules
    Rule list applied for local incoming packets.
struct npf_rule_list npf_ipv4_recv_rules
    Rule list applied for IPv4 incoming packets.
struct npf_rule_list npf_ipv6_recv_rules
    Rule list applied for IPv6 incoming packets.
Network packet filtering provides a mechanism for deciding the fate of an incoming or outgoing packet based on a set of basic rules.