Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
76917807 LP |
2 | #pragma once |
3 | ||
a8fbdf54 TA |
4 | #include <stdbool.h> |
5 | #include <stdint.h> | |
6 | ||
fc289dd0 | 7 | #include "conf-parser.h" |
76917807 LP |
8 | #include "in-addr-util.h" |
9 | ||
/* Opaque handle for firewall state. Only the forward declaration appears in this header, so the
 * layout stays private to the implementation and callers can hold a context by pointer only. */
typedef struct FirewallContext FirewallContext;

/* Constructors: both hand the new context back through 'ret' and return an int status.
 * NOTE(review): the status is presumably 0 or a negative errno, and what 'init_tables' switches on
 * or off is not visible from the prototypes; confirm both against the implementation. */
int fw_ctx_new(FirewallContext **ret);
int fw_ctx_new_full(FirewallContext **ret, bool init_tables);

/* Destructor. It returns a FirewallContext pointer instead of void; presumably always NULL, so that
 * 'ctx = fw_ctx_free(ctx);' cannot leave a dangling pointer behind (confirm). */
FirewallContext *fw_ctx_free(FirewallContext *ctx);

/* Project macro, defined outside this header. Presumably it generates the pointer-taking cleanup
 * helper for fw_ctx_free(), so a context can be released automatically on scope exit. */
DEFINE_TRIVIAL_CLEANUP_FUNC(FirewallContext *, fw_ctx_free);
17 | ||
/* Reports a reply-callback count for 'ctx' as a size_t.
 * NOTE(review): whether this counts pending or registered callbacks, and whether a NULL 'ctx' is
 * tolerated, cannot be told from the prototype; confirm before relying on either. */
size_t fw_ctx_get_reply_callback_count(FirewallContext *ctx);
19 | ||
/* Judging by the name and the 'add' switch, installs (add == true) or removes (add == false) a
 * masquerading rule for the network 'source'/'source_prefixlen' in address family 'af'.
 *
 * 'ctx' is passed as a pointer to the context pointer, unlike the nft_set_element_modify_*()
 * prototypes in this header, which take the context directly. Whether *ctx may be NULL on entry or
 * gets replaced by the call is not visible here; confirm before sharing one context across callers.
 *
 * NOTE(review): 'source_prefixlen' is a plain unsigned, so nothing in the type stops a value above
 * 32 (IPv4) or 128 (IPv6). Whether the implementation rejects that is not shown; range-check any
 * prefix length that comes from configuration or another untrusted source before calling.
 *
 * Returns an int status (presumably 0 or a negative errno; confirm). */
int fw_add_masquerade(
                FirewallContext **ctx,
                bool add,
                int af,
                const union in_addr_union *source,
                unsigned source_prefixlen);
76917807 LP |
26 | |
/* Judging by the name and parameters, installs (add == true) or removes (add == false) a
 * destination-NAT rule that maps 'local_port' of 'protocol' to 'remote':'remote_port'.
 *
 * 'ctx' is a pointer to the context pointer, as in fw_add_masquerade(). 'previous_remote' is
 * presumably the destination of an earlier mapping that this call supersedes; whether it may be
 * NULL is not visible here (confirm).
 *
 * NOTE(review): a rule of this kind redirects traffic arriving on a local port to another host, so
 * 'remote' and both ports should come from vetted configuration. 'protocol' is a bare int; which
 * values are accepted, and what happens for others, must be checked in the implementation.
 *
 * Returns an int status (presumably 0 or a negative errno; confirm). */
int fw_add_local_dnat(
                FirewallContext **ctx,
                bool add,
                int af,
                int protocol,
                uint16_t local_port,
                const union in_addr_union *remote,
                uint16_t remote_port,
                const union in_addr_union *previous_remote);
94096580 | 36 | |
/* Selects what kind of value is fed into an nftables set. The enumerator names suggest address,
 * prefix, interface index, cgroup, user and group; the code that consumes them is not part of
 * this header, so treat that reading as an assumption. */
typedef enum NFTSetSource {
        NFT_SET_SOURCE_ADDRESS,
        NFT_SET_SOURCE_PREFIX,
        NFT_SET_SOURCE_IFINDEX,
        NFT_SET_SOURCE_CGROUP,
        NFT_SET_SOURCE_USER,
        NFT_SET_SOURCE_GROUP,
        /* Follows the last real enumerator, so its value equals the number of sources (6). */
        _NFT_SET_SOURCE_MAX,
        /* Negative errno stored in the enum's value space. Code that uses an NFTSetSource as an
         * array index must first reject anything outside 0 .. _NFT_SET_SOURCE_MAX - 1. */
        _NFT_SET_SOURCE_INVALID = -EINVAL,
} NFTSetSource;
fc289dd0 TM |
47 | |
/* One nftables set reference: the kind of value that feeds it, a protocol family and the names of
 * the table and the set.
 * NOTE(review): 'table' and 'set' are non-const char pointers, which suggests heap strings owned by
 * this struct (released through nft_set_context_clear()?). Confirm the ownership before aliasing
 * or freeing them. 'nfproto' is presumably an NFPROTO_* family value (verify). */
typedef struct NFTSet {
        NFTSetSource source;
        int nfproto;
        char *table;
        char *set;
} NFTSet;
54 | ||
/* A pointer to NFTSet entries plus a count.
 * NOTE(review): 'n_sets' is presumably the number of valid entries behind 'sets'. The two fields
 * carry no other bounds information, so every index into 'sets' has to be checked against
 * 'n_sets' and both must be updated together. */
typedef struct NFTSetContext {
        NFTSet *sets;
        size_t n_sets;
} NFTSetContext;
59 | ||
/* Lifecycle helpers for NFTSetContext.
 * NOTE(review): by name, clear() releases what the context holds and dup() copies 'src' into 'dst'.
 * Whether dup() makes its own copies of the table/set strings, and whether it expects 'dst' to be
 * empty on entry, is not visible here. A shallow copy followed by clear() on both contexts would
 * free the same strings twice, so confirm in the implementation. */
void nft_set_context_clear(NFTSetContext *s);
int nft_set_context_dup(const NFTSetContext *src, NFTSetContext *dst);
62 | ||
/* Name <-> value conversion for the protocol family. _const_ and _pure_ are project attribute
 * macros defined outside this header.
 * NOTE(review): from_string() returns a plain int, presumably negative for an unrecognized name,
 * and to_string() presumably returns NULL for an unknown value. Check both results before use,
 * in particular when the string comes from a configuration file. */
const char *nfproto_to_string(int i) _const_;
int nfproto_from_string(const char *s) _pure_;
65 | ||
/* Name <-> value conversion for NFTSetSource. Both prototypes use int rather than the enum type.
 * NOTE(review): from_string() presumably yields _NFT_SET_SOURCE_INVALID (a negative errno) for an
 * unknown name. Test the result for < 0 before casting it to NFTSetSource or indexing with it. */
const char *nft_set_source_to_string(int i) _const_;
int nft_set_source_from_string(const char *s) _pure_;
68 | ||
/* Judging by the name, adds (add == true) or removes (add == false) the address range described by
 * 'source'/'source_prefixlen' in the set 'set' of table 'table'.
 *
 * Takes the context directly (single pointer), unlike fw_add_masquerade() and fw_add_local_dnat().
 *
 * NOTE(review): both 'nfproto' and 'af' are passed; whether the implementation verifies that they
 * agree, and that 'source_prefixlen' fits 'af' (at most 32 or 128), is not visible here. Validate
 * values that originate from configuration before calling.
 *
 * Returns an int status (presumably 0 or a negative errno; confirm). */
int nft_set_element_modify_iprange(
                FirewallContext *ctx,
                bool add,
                int nfproto,
                int af,
                const char *table,
                const char *set,
                const union in_addr_union *source,
                unsigned int source_prefixlen);
fc289dd0 TM |
78 | |
/* Single-address counterpart of nft_set_element_modify_iprange(): the same parameters without a
 * prefix length. By name it adds or removes the one address 'source' in the named set.
 * NOTE(review): how many bytes of 'source' are used presumably depends on 'af'; confirm that 'af'
 * is validated before the union is read.
 * Returns an int status (presumably 0 or a negative errno; confirm). */
int nft_set_element_modify_ip(
                FirewallContext *ctx,
                bool add,
                int nfproto,
                int af,
                const char *table,
                const char *set,
                const union in_addr_union *source);
87 | ||
/* Untyped variant: the element is handed over as 'element_size' raw bytes at 'element'.
 *
 * NOTE(review): nothing in this signature ties 'element_size' to the key size of the target set or
 * to the real size of the object behind 'element'. The caller is responsible for passing a length
 * that matches both; a wrong length is either an over-read of the caller's buffer or a malformed
 * set element. Whether the implementation bounds 'element_size' is not visible here (confirm).
 *
 * Returns an int status (presumably 0 or a negative errno; confirm). */
int nft_set_element_modify_any(
                FirewallContext *ctx,
                bool add,
                int nfproto,
                const char *table,
                const char *set,
                const void *element,
                size_t element_size);
96 | ||
/* By name, records one (source, nfproto, table, set) entry in the context 's'.
 * NOTE(review): 'table' and 'set' are const here but non-const in NFTSet, so the strings are
 * presumably duplicated rather than borrowed; confirm, since a borrowed pointer would dangle once
 * the caller's buffer goes away. Returns an int status (presumably 0 or a negative errno). */
int nft_set_add(
                NFTSetContext *s,
                NFTSetSource source,
                int nfproto,
                const char *table,
                const char *set);
98 | ||
/* Selector for the nft set parser. Despite the "Flags" name the enumerators are consecutive
 * (0 and 1), so they are alternatives and cannot be OR-ed together as bit flags. NETWORK is 0, so
 * a zero-initialized value selects it.
 * NOTE(review): presumably this decides which NFTSetSource values a given setting accepts; verify
 * in the parser. */
typedef enum NFTSetParseFlags {
        NFT_SET_PARSE_NETWORK,
        NFT_SET_PARSE_CGROUP,
} NFTSetParseFlags;
103 | ||
/* Declares the configuration-file parser callback config_parse_nft_set through a project macro
 * (presumably provided by "conf-parser.h", which this header includes).
 * NOTE(review): this is where table and set names enter from configuration text. Any length or
 * character restrictions on those names have to be enforced in the parser's implementation, which
 * is not visible here. */
CONFIG_PARSER_PROTOTYPE(config_parse_nft_set);