Using NetFilterSDK API
The library uses kernel extension for redirecting TCP connections and controlling access for UDP sockets. It is necessary to install the kernel extension using the script:
build\Release\install_driver.sh
Use this script to unload and delete the driver:
build\Release\uninstall_driver.sh
API library has two interfaces for using from C++ and C code, switched by defining the symbol _C_API.
By default the library allows all network activity and bypasses the data packets
without filtering. The client application must create one or more rules using the driver API to specify what network activity must be filtered.
Usage scenarios
C++:
- Implement the methods of
NF_EventHandler
by defining a class derived from this interface.
- Load the kernel extension using a call to
nf_registerDriver.
- Initialize API with a call to
nf_init, specifying
the driver name and the pointer to an object of class derived from NF_EventHandler.
- Add the filtering rules using
nf_addRule and
nf_addUdpRule.
- Handle API notifications in overridden NF_EventHandler methods. The library calls
these methods from a separate thread, so synchronization is required in case if the
same data are simultaneously accessed from the other threads. It is possible to
save the copies of indicated data buffers and send the filtered data back to destination
from any thread later.
- To remove the rules and disable filtering new connections call
nf_deleteRules. The library continues indicating events for active TCP connections
in this case until they close, because the filtering flag is assigned when a connection
is establishing, and remains active during the connection lifetime.
- Call
nf_free to detach from driver.
- Unload the kernel extension using a call to
nf_unRegisterDriver.
Sample code: samples\PassThrough
C:
- Define the symbol _C_API before including nfapi_linux.h and link with the correspondent
build of nfproxy.a.
- For C projects NF_EventHandler is defined as a structure with the pointers to
event handler functions.
Everything else is the same as for C++.