1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
7 #include "conf-parser.h"
8 #include "in-addr-util.h"
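/* Opaque firewall state handle. Only the forward declaration is exposed here, so users of this
 * header can hold and pass pointers but cannot inspect or copy the object. */
typedef struct FirewallContext FirewallContext;

/* Constructors: the new context is handed back through *ret and the status is returned as an int.
 * NOTE(review): presumably 0 on success and a negative errno-style value on failure (this header
 * uses -EINVAL for its invalid enum marker) -- confirm against the implementation. Check the
 * result before dereferencing *ret. */
int fw_ctx_new(FirewallContext **ret);

/* Variant with an explicit init_tables switch. What is initialised when it is true is not
 * visible from this header. */
int fw_ctx_new_full(FirewallContext **ret, bool init_tables);

/* Releases a context and returns a FirewallContext pointer.
 * NOTE(review): presumably always NULL, so that `ctx = fw_ctx_free(ctx);` leaves no dangling
 * handle behind -- verify before relying on it. */
FirewallContext *fw_ctx_free(FirewallContext *ctx);

/* Scope-exit cleanup helper for FirewallContext pointers, built on fw_ctx_free()
 * (fw_ctx_freep by the macro's usual naming). */
DEFINE_TRIVIAL_CLEANUP_FUNC(FirewallContext *, fw_ctx_free);

/* Returns a count of reply callbacks for ctx. NOTE(review): NULL handling is not visible here. */
size_t fw_ctx_get_reply_callback_count(FirewallContext *ctx);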
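/* Masquerade rule entry point; status is returned as an int (presumably negative on failure).
 *
 * ctx is a double pointer, so the callee is able to replace the caller's context pointer.
 * NOTE(review): presumably the context is created on first use -- confirm.
 *
 * source/source_prefixlen describe the source network. No bound on source_prefixlen is visible
 * at this level: callers passing configuration-derived values should keep it within the address
 * family's width (32 for IPv4, 128 for IPv6) unless the implementation is confirmed to reject
 * larger values. */
int fw_add_masquerade(
                FirewallContext **ctx,
                /* NOTE(review): listing lines 22-23 are absent from this page; whatever
                 * parameters are declared there are not reproduced here. */
                const union in_addr_union *source,
                unsigned source_prefixlen);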
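/* Local DNAT rule entry point; status is returned as an int (presumably negative on failure).
 *
 * ctx is a double pointer, so the callee is able to replace the caller's context pointer.
 * remote and previous_remote are read-only address arguments.
 * NOTE(review): previous_remote presumably names an earlier target whose rule is to be replaced
 * and may be NULL when there is none -- confirm, since a stale forwarding rule left in place
 * keeps exposing the old destination. */
int fw_add_local_dnat(
                FirewallContext **ctx,
                /* NOTE(review): listing lines 29-32 are absent from this page; whatever
                 * parameters are declared there are not reproduced here. */
                const union in_addr_union *remote,
                /* NOTE(review): listing line 34 is absent from this page. */
                const union in_addr_union *previous_remote);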
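/* Kind of value that feeds an nftables set element. The invalid marker is a negative errno
 * value, so an int carrying a lookup result can be tested with `< 0` before it is used as an
 * NFTSetSource. */
typedef enum NFTSetSource {
        NFT_SET_SOURCE_ADDRESS,
        NFT_SET_SOURCE_PREFIX,
        NFT_SET_SOURCE_IFINDEX,
        NFT_SET_SOURCE_CGROUP,
        /* NOTE(review): listing lines 42-44 are absent from this page; any enumerators declared
         * there are missing from this reconstruction. */
        _NFT_SET_SOURCE_INVALID = -EINVAL,
} NFTSetSource; /* closing line is also absent from the page; restored from the typedef name */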
48 typedef struct NFTSet
{
55 typedef struct NFTSetContext
{
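/* NFTSetContext lifecycle helpers.
 * NOTE(review): clear presumably releases what the context owns and leaves it reusable; dup
 * presumably deep-copies src into dst and returns a negative value on failure -- confirm both,
 * and check dup's return value before using dst. */
void nft_set_context_clear(NFTSetContext *s);
int nft_set_context_dup(const NFTSetContext *src, NFTSetContext *dst);

/* String <-> value lookups for the netfilter protocol family and for NFTSetSource.
 * NOTE(review): the *_from_string() forms return int, presumably a negative value (compare
 * _NFT_SET_SOURCE_INVALID = -EINVAL) for an unknown name, and the *_to_string() forms presumably
 * return NULL for an unknown value. Callers parsing configuration text should test for both
 * before using the result as an enum value or passing it to a format function. */
const char *nfproto_to_string(int i) _const_;
int nfproto_from_string(const char *s) _pure_;

const char *nft_set_source_to_string(int i) _const_;
int nft_set_source_from_string(const char *s) _pure_;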
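/* Modifies an nftables set element given as an address plus prefix length; status is returned
 * as an int (presumably negative on failure).
 * No bound on source_prefixlen is visible at this level: keep it within the address family's
 * width (32 for IPv4, 128 for IPv6) unless the implementation is confirmed to reject larger
 * values. */
int nft_set_element_modify_iprange(
                /* NOTE(review): listing lines 70-75 are absent from this page; the parameters
                 * declared there are not reproduced here. */
                const union in_addr_union *source,
                unsigned int source_prefixlen);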
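/* Modifies an nftables set element given as a single address; status is returned as an int
 * (presumably negative on failure). source is read-only. */
int nft_set_element_modify_ip(
                /* NOTE(review): listing lines 80-85 are absent from this page; the parameters
                 * declared there are not reproduced here. */
                const union in_addr_union *source);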
88 int nft_set_element_modify_any(
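/* Adds a set reference (source kind, protocol family, table name, set name) to the context s;
 * status is returned as an int (presumably negative on failure).
 * NOTE(review): table and set are plain strings and no validation is visible at this level. If
 * they originate from configuration files, confirm that either the parser or the implementation
 * restricts them to valid nftables identifiers, and whether the strings are copied or borrowed. */
int nft_set_add(
                NFTSetContext *s,
                NFTSetSource source,
                int nfproto,
                const char *table,
                const char *set);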
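/* Selects the parsing mode of the NFT set configuration parser.
 * NOTE(review): presumably the mode decides which NFTSetSource kinds a setting may name (network
 * versus cgroup context) -- confirm in the parser. */
typedef enum NFTSetParseFlags {
        NFT_SET_PARSE_NETWORK,
        NFT_SET_PARSE_CGROUP,
} NFTSetParseFlags; /* closing line is absent from the page; restored from the typedef name */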
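/* Declares the configuration parser callback config_parse_nft_set through the
 * CONFIG_PARSER_PROTOTYPE macro (conf-parser.h is included by this header).
 * The callback consumes configuration text, so its implementation is the place to reject
 * malformed family, table and set names before they reach nft_set_add(). */
CONFIG_PARSER_PROTOTYPE(config_parse_nft_set);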