Struct nflog::Queue

pub struct Queue { /* fields omitted */ }

Opaque struct Queue: abstracts an NFLOG queue

Methods

impl Queue

fn new() -> Queue

Creates a new, uninitialized, Queue.

fn open(&mut self)

Opens a NFLOG handler

This function obtains a netfilter log connection handle. When you are finished with the handle returned by this function, you should destroy it by calling close(). A new netlink connection is obtained internally and associated with the log connection handle returned.

fn close(&mut self)

Closes a NFLOG handler

This function closes the nflog handler and free associated resources.

fn bind(&self, pf: c_int) -> i32

Bind a nflog handler to a given protocol family

Binds the given log connection handle to process packets belonging to the given protocol family (ie. PF_INET, PF_INET6, etc).

Arguments

• pf - Protocol family (usually AF_INET or AF_INET6)

Remarks:

Requires root privileges

fn unbind(&self, pf: c_int) -> i32

Unbinds the nflog handler from a protocol family

Unbinds the given nflog handle from processing packets belonging to the given protocol family.

Arguments

• pf - Protocol family (usually AF_INET or AF_INET6)

Remarks:

Requires root privileges

fn fd(&self) -> i32

Returns the C file descriptor associated with the nflog handler

This function returns a file descriptor that can be used for communication over the netlink connection associated with the given log connection handle.

fn bind_group(&mut self, num: u16)

Binds a new handle to a specific group number.

Arguments:

• num - The number of the group to bind to

fn unbind_group(&mut self)

Unbinds a group handle

Arguments:

• num - The number of the group to unbind to

fn set_mode(&self, mode: CopyMode, range: u32)

Set the amount of packet data that nflog copies to userspace

Arguments:

• mode - The part of the packet that we are interested in
• range - Size of the packet that we want to get

mode can be one of:

• NFULNL_COPY_NONE - do not copy any data
• NFULNL_COPY_META - copy only packet metadata
• NFULNL_COPY_PACKET - copy entire packet

fn set_timeout(&self, timeout: u32)

Sets the maximum time to push log buffer for this group

Arguments:

• timeout - Time to wait until the log buffer is pushed to userspace

This function allows to set the maximum time that nflog waits until it pushes the log buffer to userspace if no new logged packets have occured.

Basically, nflog implements a buffer to reduce the computational cost of delivering the log message to userspace.

fn set_qthresh(&self, qthresh: u32)

Sets the maximum amount of logs in buffer for this group

Arguments:

• qthresh - Maximum number of log entries

This function determines the maximum number of log entries in the buffer until it is pushed to userspace.

fn set_nlbufsiz(&self, nlbufsiz: u32)

Sets the size of the nflog buffer for this group

Arguments:

• nlbufsiz - Size of the nflog buffer

This function sets the size (in bytes) of the buffer that is used to stack log messages in nflog.

fn set_flags(&self, flags: CfgFlags)

Sets the nflog flags for this group

Arguments:

• flags - Flags that you want to set

There are two existing flags:

• NFULNL_CFG_F_SEQ: This enables local nflog sequence numbering.
• NFULNL_CFG_F_SEQ_GLOBAL: This enables global nflog sequence numbering.

fn set_callback(&mut self, cb: NflogCallback)

Registers the callback triggered when a packet is received

fn run_loop(&self)

Runs an infinite loop, waiting for packets and triggering the callback.