Zephyr API Documentation 4.3.0-rc2
A Scalable Open Source RTOS
Network packet filtering public header file. More...
#include <limits.h>
#include <stdbool.h>
#include <zephyr/sys/slist.h>
#include <zephyr/net/net_core.h>
#include <zephyr/net/ethernet.h>
Go to the source code of this file.
Data Structures | |
| struct | npf_test |
| common filter test structure to be embedded into larger structures More... | |
| struct | npf_rule |
| filter rule structure More... | |
| struct | npf_rule_list |
| rule set for a given test location More... | |
Macros | |
| #define | NPF_RULE(_name, _result, ...) |
| Statically define one packet filter rule. | |
| #define | NPF_PRIORITY(_name, _priority, ...) |
| #define | NPF_IFACE_MATCH(_name, _iface) |
| Statically define an "interface match" packet filter condition. | |
| #define | NPF_IFACE_UNMATCH(_name, _iface) |
| Statically define an "interface unmatch" packet filter condition. | |
| #define | NPF_ORIG_IFACE_MATCH(_name, _iface) |
| Statically define an "orig interface match" packet filter condition. | |
| #define | NPF_ORIG_IFACE_UNMATCH(_name, _iface) |
| Statically define an "orig interface unmatch" packet filter condition. | |
| #define | NPF_SIZE_MIN(_name, _size) |
| Statically define a "data minimum size" packet filter condition. | |
| #define | NPF_SIZE_MAX(_name, _size) |
| Statically define a "data maximum size" packet filter condition. | |
| #define | NPF_SIZE_BOUNDS(_name, _min_size, _max_size) |
| Statically define a "data bounded size" packet filter condition. | |
| #define | NPF_IP_SRC_ADDR_ALLOWLIST(_name, _ip_addr_array, _ip_addr_num, _af) |
| Statically define an "IP source address allowlist" packet filter condition. | |
| #define | NPF_IP_SRC_ADDR_BLOCKLIST(_name, _ip_addr_array, _ip_addr_num, _af) |
| Statically define an "IP source address blocklist" packet filter condition. | |
| #define | NPF_ETH_SRC_ADDR_MATCH(_name, _addr_array) |
| Statically define a "source address match" packet filter condition. | |
| #define | NPF_ETH_SRC_ADDR_UNMATCH(_name, _addr_array) |
| Statically define a "source address unmatch" packet filter condition. | |
| #define | NPF_ETH_DST_ADDR_MATCH(_name, _addr_array) |
| Statically define a "destination address match" packet filter condition. | |
| #define | NPF_ETH_DST_ADDR_UNMATCH(_name, _addr_array) |
| Statically define a "destination address unmatch" packet filter condition. | |
| #define | NPF_ETH_SRC_ADDR_MASK_MATCH(_name, _addr_array, ...) |
| Statically define a "source address match with mask" packet filter condition. | |
| #define | NPF_ETH_DST_ADDR_MASK_MATCH(_name, _addr_array, ...) |
| Statically define a "destination address match with mask" packet filter condition. | |
| #define | NPF_ETH_TYPE_MATCH(_name, _type) |
| Statically define an "Ethernet type match" packet filter condition. | |
| #define | NPF_ETH_TYPE_UNMATCH(_name, _type) |
| Statically define an "Ethernet type unmatch" packet filter condition. | |
| #define | NPF_ETH_VLAN_TYPE_MATCH(_name, _type) |
| Statically define an "Ethernet VLAN header type match" packet filter condition. | |
| #define | NPF_ETH_VLAN_TYPE_UNMATCH(_name, _type) |
| Statically define an "Ethernet VLAN header type unmatch" packet filter condition. | |
Typedefs | |
| typedef void(* | npf_rule_cb_t) (struct npf_rule *rule, enum npf_rule_type type, void *user_data) |
| Callback used while iterating over network packet filter rules. | |
Enumerations | |
| enum | npf_rule_type { NPF_RULE_TYPE_UNKNOWN = 0 , NPF_RULE_TYPE_SEND , NPF_RULE_TYPE_RECV , NPF_RULE_TYPE_LOCAL_IN_RECV , NPF_RULE_TYPE_IPV4_RECV , NPF_RULE_TYPE_IPV6_RECV } |
| Type of the packet filter rule. More... | |
Functions | |
| void | npf_insert_rule (struct npf_rule_list *rules, struct npf_rule *rule) |
| Insert a rule at the front of given rule list. | |
| void | npf_append_rule (struct npf_rule_list *rules, struct npf_rule *rule) |
| Append a rule at the end of given rule list. | |
| bool | npf_remove_rule (struct npf_rule_list *rules, struct npf_rule *rule) |
| Remove a rule from the given rule list. | |
| bool | npf_remove_all_rules (struct npf_rule_list *rules) |
| Remove all rules from the given rule list. | |
| void | npf_rules_foreach (npf_rule_cb_t cb, void *user_data) |
| Go through all the network packet filter rules and call the callback for each of them. | |
Variables | |
| struct npf_rule | npf_default_ok |
| Default rule list termination for accepting a packet. | |
| struct npf_rule | npf_default_drop |
| Default rule list termination for rejecting a packet. | |
| struct npf_rule_list | npf_send_rules |
| rule list applied to outgoing packets | |
| struct npf_rule_list | npf_recv_rules |
| rule list applied to incoming packets | |
| struct npf_rule_list | npf_local_in_recv_rules |
| rule list applied for local incoming packets | |
| struct npf_rule_list | npf_ipv4_recv_rules |
| rule list applied for IPv4 incoming packets | |
| struct npf_rule_list | npf_ipv6_recv_rules |
| rule list applied for IPv6 incoming packets | |
Network packet filtering public header file.
Network packet filtering provides a mechanism for deciding the fate of an incoming or outgoing packet based on a set of basic rules.