Zephyr API Documentation 4.0.0
A Scalable Open Source RTOS
Loading...
Searching...
No Matches
net_pkt_filter.h File Reference

Network packet filtering public header file. More...

#include <limits.h>
#include <stdbool.h>
#include <zephyr/sys/slist.h>
#include <zephyr/net/net_core.h>
#include <zephyr/net/ethernet.h>

Go to the source code of this file.

Data Structures

struct  npf_test
 common filter test structure to be embedded into larger structures More...
 
struct  npf_rule
 filter rule structure More...
 
struct  npf_rule_list
 rule set for a given test location More...
 

Macros

#define NPF_RULE(_name, _result, ...)
 Statically define one packet filter rule.
 
#define NPF_IFACE_MATCH(_name, _iface)
 Statically define an "interface match" packet filter condition.
 
#define NPF_IFACE_UNMATCH(_name, _iface)
 Statically define an "interface unmatch" packet filter condition.
 
#define NPF_ORIG_IFACE_MATCH(_name, _iface)
 Statically define an "orig interface match" packet filter condition.
 
#define NPF_ORIG_IFACE_UNMATCH(_name, _iface)
 Statically define an "orig interface unmatch" packet filter condition.
 
#define NPF_SIZE_MIN(_name, _size)
 Statically define a "data minimum size" packet filter condition.
 
#define NPF_SIZE_MAX(_name, _size)
 Statically define a "data maximum size" packet filter condition.
 
#define NPF_SIZE_BOUNDS(_name, _min_size, _max_size)
 Statically define a "data bounded size" packet filter condition.
 
#define NPF_IP_SRC_ADDR_ALLOWLIST(_name, _ip_addr_array, _ip_addr_num, _af)
 Statically define a "ip address allowlist" packet filter condition.
 
#define NPF_IP_SRC_ADDR_BLOCKLIST(_name, _ip_addr_array, _ip_addr_num, _af)
 Statically define a "ip address blocklist" packet filter condition.
 
#define NPF_ETH_SRC_ADDR_MATCH(_name, _addr_array)
 Statically define a "source address match" packet filter condition.
 
#define NPF_ETH_SRC_ADDR_UNMATCH(_name, _addr_array)
 Statically define a "source address unmatch" packet filter condition.
 
#define NPF_ETH_DST_ADDR_MATCH(_name, _addr_array)
 Statically define a "destination address match" packet filter condition.
 
#define NPF_ETH_DST_ADDR_UNMATCH(_name, _addr_array)
 Statically define a "destination address unmatch" packet filter condition.
 
#define NPF_ETH_SRC_ADDR_MASK_MATCH(_name, _addr_array, ...)
 Statically define a "source address match with mask" packet filter condition.
 
#define NPF_ETH_DST_ADDR_MASK_MATCH(_name, _addr_array, ...)
 Statically define a "destination address match with mask" packet filter condition.
 
#define NPF_ETH_TYPE_MATCH(_name, _type)
 Statically define an "Ethernet type match" packet filter condition.
 
#define NPF_ETH_TYPE_UNMATCH(_name, _type)
 Statically define an "Ethernet type unmatch" packet filter condition.
 

Functions

void npf_insert_rule (struct npf_rule_list *rules, struct npf_rule *rule)
 Insert a rule at the front of given rule list.
 
void npf_append_rule (struct npf_rule_list *rules, struct npf_rule *rule)
 Append a rule at the end of given rule list.
 
bool npf_remove_rule (struct npf_rule_list *rules, struct npf_rule *rule)
 Remove a rule from the given rule list.
 
bool npf_remove_all_rules (struct npf_rule_list *rules)
 Remove all rules from the given rule list.
 

Variables

struct npf_rule npf_default_ok
 Default rule list termination for accepting a packet.
 
struct npf_rule npf_default_drop
 Default rule list termination for rejecting a packet.
 
struct npf_rule_list npf_send_rules
 rule list applied to outgoing packets
 
struct npf_rule_list npf_recv_rules
 rule list applied to incoming packets
 
struct npf_rule_list npf_local_in_recv_rules
 rule list applied for local incoming packets
 
struct npf_rule_list npf_ipv4_recv_rules
 rule list applied for IPv4 incoming packets
 
struct npf_rule_list npf_ipv6_recv_rules
 rule list applied for IPv6 incoming packets
 

Detailed Description

Network packet filtering public header file.

The network packet filtering provides a mechanism for deciding the fate of an incoming or outgoing packet based on a set of basic rules.