Using NetFilterSDK API
The library uses kernel extension for redirecting TCP connections and controlling access for UDP sockets. It is necessary to install the kernel extension using the script:
Use this script to unload and delete the driver:
API library has two interfaces for using from C++ and C code, switched by defining the symbol _C_API.
By default the library allows all network activity and bypasses the data packets
without filtering. The client application must create one or more rules using the driver API to specify what network activity must be filtered.
- Implement the methods of NF_EventHandler
by defining a class derived from this interface.
- Load the kernel extension using a call to nf_registerDriver
- Initialize API with a call to nf_init
the driver name and the pointer to an object of class derived from NF_EventHandler.
- Add the filtering rules using nf_addRule
- Handle API notifications in overridden NF_EventHandler methods. The library calls
these methods from a separate thread, so synchronization is required in case if the
same data are simultaneously accessed from the other threads. It is possible to
save the copies of indicated data buffers and send the filtered data back to destination
from any thread later.
- To remove the rules and disable filtering new connections call
. The library continues indicating events for active TCP connections
in this case until they close, because the filtering flag is assigned when a connection
is establishing, and remains active during the connection lifetime.
- Call nf_free
to detach from driver.
- Unload the kernel extension using a call to nf_unRegisterDriver
Sample code: samples\PassThrough
- Define the symbol _C_API before including nfapi_linux.h and link with the correspondent
build of nfproxy.a.
- For C projects NF_EventHandler is defined as a structure with the pointers to
event handler functions.
Everything else is the same as for C++.