Using NetFilterSDK API
The API has two interfaces, one for C++ and one for C code, selected by defining the symbol _C_API.
By default the library allows all network activity and passes data packets through without filtering. The client application must create one or more rules using the API to specify which network activity must be filtered.
Usage scenarios
C++:
- Implement the methods of NF_EventHandler by defining a class derived from this interface.
- Initialize the API with a call to nf_init, specifying the filtering session name and a pointer to an object of the class derived from NF_EventHandler.
- Add the filtering rules using nf_setRules.
- Handle API notifications in the overridden NF_EventHandler methods. The library calls these methods from a separate thread, so synchronization is required if the same data is accessed simultaneously from other threads. It is possible to save copies of the indicated data buffers and send the filtered data back to its destination later from any thread.
- To remove the rules and stop filtering new connections, call nf_deleteRules. In this case the library continues indicating events for active TCP connections until they close, because the filtering flag is assigned when a connection is being established and remains active for the connection's lifetime.
- Call nf_free to stop the filtering and free the library's internal structures.
Sample code: samples\PassThrough
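The synchronization and buffer-copy point from the notification-handling step, as an added example that is not part of the SDK or its samples and calls no NetFilterSDK functions. Pending, PendingQueue and runDemo are hypothetical names; the example assumes the indicated buffer cannot be relied on after the handler returns, so the handler stores a private copy under a lock and another thread sends it later.

```cpp
#include <condition_variable>
#include <cstring>
#include <deque>
#include <mutex>
#include <string>
#include <thread>
#include <vector>

struct Pending { unsigned long long id; std::vector<char> bytes; };  // hypothetical record
class PendingQueue {
public:
    // Event-thread side: store a private copy of the buffer before the handler returns.
    void push(unsigned long long id, const char* buf, std::size_t len) {
        std::lock_guard<std::mutex> g(m_);
        q_.push_back(Pending{id, std::vector<char>(buf, buf + len)});
        cv_.notify_one();
    }
    void close() { std::lock_guard<std::mutex> g(m_); closed_ = true; cv_.notify_all(); }
    // Worker side: blocks until data arrives; returns false once closed and drained.
    bool pop(Pending& out) {
        std::unique_lock<std::mutex> lk(m_);
        cv_.wait(lk, [this] { return closed_ || !q_.empty(); });
        if (q_.empty()) return false;
        out = std::move(q_.front());
        q_.pop_front();
        return true;
    }
private:
    std::mutex m_; std::condition_variable cv_;
    std::deque<Pending> q_; bool closed_ = false;
};

// One thread stands in for the library's event thread; the worker sends the data later.
std::string runDemo() {
    PendingQueue queue;
    std::string sent;  // written by the worker only, read after join()
    std::thread worker([&] { Pending p; while (queue.pop(p)) sent.append(p.bytes.begin(), p.bytes.end()); });
    std::thread events([&] {
        char scratch[4];                                  // reused across simulated callbacks
        const char* chunks[] = {"GET ", "/ HT", "TP/1"};  // constructed sample data
        for (const char* c : chunks) {
            std::memcpy(scratch, c, 4);
            queue.push(1, scratch, 4);                    // stands in for a receive notification
            std::memset(scratch, 'X', sizeof scratch);    // the indicated buffer is overwritten
        }
        queue.close();
    });
    events.join(); worker.join();
    return sent;
}
```

Because the queue holds copies, the worker still reassembles the original bytes even though the simulated event thread overwrites its buffer immediately after each notification.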
C:
- Define the symbol _C_API before including nfapi_linux.h and link with the corresponding build of nfproxy.a.
- For C projects NF_EventHandler is defined as a structure with pointers to the event handler functions.
Everything else is the same as for C++.