Struct kernel::net::filter::Registration

source · [−]

pub struct Registration<T: Filter> { /* private fields */ }

Expand description

A registration of a networking filter.

Examples

The following is an example of a function that attaches an inbound filter (that always accepts all packets after printing their lengths) on the specified device (in the init ns).

use kernel::net::{self, filter as netfilter};

struct MyFilter;
impl netfilter::Filter for MyFilter {
    fn filter(_data: (), skb: &net::SkBuff) -> netfilter::Disposition {
        pr_info!("Packet of length {}\n", skb.len());
        netfilter::Disposition::Accept
    }
}

fn register(name: &CStr) -> Result<Pin<Box<netfilter::Registration<MyFilter>>>> {
    let ns = net::init_ns();
    let dev = ns.dev_get_by_name(name).ok_or(ENOENT)?;
    netfilter::Registration::new_pinned(
        netfilter::Family::NetDev(netfilter::netdev::Hook::Ingress),
        0,
        ns.into(),
        Some(dev),
        (),
    )
}

Implementations

source

impl<T: Filter> Registration<T>

source

pub fn new() -> Self

Creates a new Registration but does not register it yet.

It is allowed to move.

source

pub fn new_pinned(
 family: Family,
 priority: i32,
 ns: ARef<Namespace>,
 dev: Option<ARef<Device>>,
 data: T::Data
) -> Result<Pin<Box<Self>>>

Creates a new filter registration and registers it.

Returns a pinned heap-allocated representation of the registration.

source

pub fn register(
 self: Pin<&mut Self>,
 family: Family,
 priority: i32,
 ns: ARef<Namespace>,
 dev: Option<ARef<Device>>,
 data: T::Data
) -> Result

Registers a network filter.

It must be pinned because the C portion of the kernel stores a pointer to it while it is registered.

The priority is relative to the family’s base priority. For example, if the base priority is 100 and priority is -1, the actual priority will be 99. If a family doesn’t explicitly allow a base to be specified, 0 is assumed.