[thirdparty/systemd.git] / src / shared / firewall-util-private.h

/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once

#include <stdbool.h>
#include <stdint.h>

#include "sd-netlink.h"

#include "in-addr-util.h"

typedef enum FirewallBackend {
        FW_BACKEND_NONE,
#if HAVE_LIBIPTC
        FW_BACKEND_IPTABLES,
#endif
        FW_BACKEND_NFTABLES,
        _FW_BACKEND_MAX,
        _FW_BACKEND_INVALID = -EINVAL,
} FirewallBackend;

struct FirewallContext {
        FirewallBackend backend;
        sd_netlink *nfnl;
};

const char *firewall_backend_to_string(FirewallBackend b) _const_;

int fw_nftables_init(FirewallContext *ctx);
void fw_nftables_exit(FirewallContext *ctx);

int fw_nftables_add_masquerade(
                FirewallContext *ctx,
                bool add,
                int af,
                const union in_addr_union *source,
                unsigned source_prefixlen);

int fw_nftables_add_local_dnat(
                FirewallContext *ctx,
                bool add,
                int af,
                int protocol,
                uint16_t local_port,
                const union in_addr_union *remote,
                uint16_t remote_port,
                const union in_addr_union *previous_remote);

#if HAVE_LIBIPTC
struct xtc_handle;

int fw_iptables_add_masquerade(
                bool add,
                int af,
                const union in_addr_union *source,
                unsigned source_prefixlen);

int fw_iptables_add_local_dnat(
                bool add,
                int af,
                int protocol,
                uint16_t local_port,
                const union in_addr_union *remote,
                uint16_t remote_port,
                const union in_addr_union *previous_remote);

int fw_iptables_init_nat(struct xtc_handle **ret);
#endif
Commit	Line	Data
7a6eb60b	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
31220972 FW	2	#pragma once
	3
	4	#include <stdbool.h>
	5	#include <stdint.h>
	6
715a70e7	7	#include "sd-netlink.h"
31220972	8
da00b840 YW	9	#include "in-addr-util.h"
	10
	11	typedef enum FirewallBackend {
761cf19d FW	12	FW_BACKEND_NONE,
	13	#if HAVE_LIBIPTC
	14	FW_BACKEND_IPTABLES,
	15	#endif
715a70e7	16	FW_BACKEND_NFTABLES,
da00b840 YW	17	_FW_BACKEND_MAX,
	18	_FW_BACKEND_INVALID = -EINVAL,
	19	} FirewallBackend;
761cf19d FW	20
761cf19d FW	21	struct FirewallContext {
da00b840	22	FirewallBackend backend;
715a70e7	23	sd_netlink *nfnl;
761cf19d FW	24	};
761cf19d FW	25
da00b840 YW	26	const char *firewall_backend_to_string(FirewallBackend b) _const_;
da00b840 YW	27
715a70e7 FW	28	int fw_nftables_init(FirewallContext *ctx);
	29	void fw_nftables_exit(FirewallContext *ctx);
	30
	31	int fw_nftables_add_masquerade(
	32	FirewallContext *ctx,
	33	bool add,
	34	int af,
	35	const union in_addr_union *source,
	36	unsigned source_prefixlen);
	37
	38	int fw_nftables_add_local_dnat(
	39	FirewallContext *ctx,
	40	bool add,
	41	int af,
	42	int protocol,
	43	uint16_t local_port,
	44	const union in_addr_union *remote,
	45	uint16_t remote_port,
	46	const union in_addr_union *previous_remote);
	47
31220972	48	#if HAVE_LIBIPTC
afbcd905	49	struct xtc_handle;
31220972 FW	50
	51	int fw_iptables_add_masquerade(
	52	bool add,
	53	int af,
	54	const union in_addr_union *source,
	55	unsigned source_prefixlen);
	56
	57	int fw_iptables_add_local_dnat(
	58	bool add,
	59	int af,
	60	int protocol,
	61	uint16_t local_port,
	62	const union in_addr_union *remote,
	63	uint16_t remote_port,
	64	const union in_addr_union *previous_remote);
afbcd905 AZ	65
afbcd905 AZ	66	int fw_iptables_init_nat(struct xtc_handle **ret);
31220972	67	#endif