Diffstat (limited to 'include')
-rw-r--r--include/Makefile.am15
-rw-r--r--include/common.h32
-rw-r--r--include/data_reg.h31
-rw-r--r--include/expr.h13
-rw-r--r--include/expr_ops.h34
-rw-r--r--include/internal.h18
-rw-r--r--include/json.h58
-rw-r--r--include/set.h32
-rw-r--r--include/set_elem.h14
-rw-r--r--include/utils.h83
-rw-r--r--include/xml.h58
11 files changed, 386 insertions, 2 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 102d5ab..be9eb9b 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,4 +1,15 @@
SUBDIRS = libnftnl linux
-noinst_HEADERS = linux_list.h \
- buffer.h
+noinst_HEADERS = internal.h \
+ linux_list.h \
+ buffer.h \
+ data_reg.h \
+ expr_ops.h \
+ linux_list.h \
+ set.h \
+ xml.h \
+ common.h \
+ expr.h \
+ json.h \
+ set_elem.h \
+ utils.h
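Review bot: `linux_list.h` is listed twice in the new `noinst_HEADERS` (second and sixth entries); drop the second occurrence so each header appears once in the distribution list. The new include/internal.h in this commit has the same duplication, with `#include "linux_list.h"` appearing twice. The include guard makes the second include harmless, but it should be removed as well.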
diff --git a/include/common.h b/include/common.h
new file mode 100644
index 0000000..4b9e2c5
--- /dev/null
+++ b/include/common.h
@@ -0,0 +1,32 @@
+#ifndef _LIBNFTNL_COMMON_INTERNAL_H
+#define _LIBNFTNL_COMMON_INTERNAL_H
+
+#define BASE_DEC 10
+#define BASE_HEX 16
+
+#define NFT_SNPRINTF_BUFSIZ 4096
+
+struct nft_parse_err {
+ int line;
+ int column;
+ int error;
+ const char *node_name;
+};
+
+enum nft_parse_input {
+ NFT_PARSE_BUFFER,
+ NFT_PARSE_FILE,
+};
+
+#include <stdio.h>
+
+int nft_cmd_header_snprintf(char *buf, size_t bufsize, uint32_t cmd,
+ uint32_t format, uint32_t flags);
+int nft_cmd_header_fprintf(FILE *fp, uint32_t cmd, uint32_t format,
+ uint32_t flags);
+int nft_cmd_footer_snprintf(char *buf, size_t bufsize, uint32_t cmd,
+ uint32_t format, uint32_t flags);
+int nft_cmd_footer_fprintf(FILE *fp, uint32_t cmd, uint32_t format,
+ uint32_t flags);
+
+#endif
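Review bot: The prototypes use `uint32_t`, but the only include is `<stdio.h>`, placed after the type declarations, so this header compiles only when something included earlier has already provided `<stdint.h>`. Add `#include <stdint.h>` and move both includes to the top, directly under the guard, so the header is self-contained. include/expr.h, include/set.h and include/set_elem.h in this commit have the same include-order dependency: they use `struct list_head` without including `linux_list.h`, and expr.h also uses fixed-width types with no include at all. They work through internal.h's ordering today, but any file that includes one of them directly will fail to compile.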
diff --git a/include/data_reg.h b/include/data_reg.h
new file mode 100644
index 0000000..e7375b8
--- /dev/null
+++ b/include/data_reg.h
@@ -0,0 +1,31 @@
+#ifndef _DATA_H_
+#define _DATA_H_
+
+#include <stdint.h>
+#include <unistd.h>
+
+enum {
+ DATA_NONE,
+ DATA_VALUE,
+ DATA_VERDICT,
+ DATA_CHAIN,
+};
+
+union nft_data_reg {
+ struct {
+ uint32_t val[4];
+ uint32_t len;
+ };
+ struct {
+ int verdict;
+ const char *chain;
+ };
+};
+
+int nft_data_reg_snprintf(char *buf, size_t size, union nft_data_reg *reg,
+ uint32_t output_format, uint32_t flags, int reg_type);
+struct nlattr;
+
+int nft_parse_data(union nft_data_reg *data, struct nlattr *attr, int *type);
+
+#endif
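Review bot: `union nft_data_reg` overlays `val`/`len` with `verdict`/`chain` and carries no tag of its own, so code that reads the wrong member would interpret data words as a `const char *`. The header should state which `DATA_*` value selects which member and that the caller tracks the active type (`reg_type` in `nft_data_reg_snprintf`, `*type` from `nft_parse_data`). I would add above the union something like `/* DATA_VALUE: val/len are valid; DATA_VERDICT, DATA_CHAIN: verdict/chain are valid. The active member is tracked by the caller. */`. That mapping is inferred from the names and should be confirmed against the implementation. It would also help to document the unit of `len` and that it must never exceed `sizeof(val)`, since `nft_parse_data` presumably fills it from a netlink attribute.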
diff --git a/include/expr.h b/include/expr.h
new file mode 100644
index 0000000..ed41105
--- /dev/null
+++ b/include/expr.h
@@ -0,0 +1,13 @@
+#ifndef _LIBNFTNL_EXPR_INTERNAL_H_
+#define _LIBNFTNL_EXPR_INTERNAL_H_
+
+struct expr_ops;
+
+struct nft_rule_expr {
+ struct list_head head;
+ uint32_t flags;
+ struct expr_ops *ops;
+ uint8_t data[];
+};
+
+#endif
diff --git a/include/expr_ops.h b/include/expr_ops.h
new file mode 100644
index 0000000..ea5defd
--- /dev/null
+++ b/include/expr_ops.h
@@ -0,0 +1,34 @@
+#ifndef _EXPR_OPS_H_
+#define _EXPR_OPS_H_
+
+#include <stdint.h>
+#include "internal.h"
+
+struct nlattr;
+struct nlmsghdr;
+struct nft_rule_expr;
+
+struct expr_ops {
+ struct list_head head;
+
+ const char *name;
+ uint32_t alloc_len;
+ int max_attr;
+ void (*free)(struct nft_rule_expr *e);
+ int (*set)(struct nft_rule_expr *e, uint16_t type, const void *data, uint32_t data_len);
+ const void *(*get)(const struct nft_rule_expr *e, uint16_t type, uint32_t *data_len);
+ int (*parse)(struct nft_rule_expr *e, struct nlattr *attr);
+ void (*build)(struct nlmsghdr *nlh, struct nft_rule_expr *e);
+ int (*snprintf)(char *buf, size_t len, uint32_t type, uint32_t flags, struct nft_rule_expr *e);
+ int (*xml_parse)(struct nft_rule_expr *e, mxml_node_t *tree,
+ struct nft_parse_err *err);
+ int (*json_parse)(struct nft_rule_expr *e, json_t *data,
+ struct nft_parse_err *err);
+};
+
+void nft_expr_ops_register(struct expr_ops *ops);
+struct expr_ops *nft_expr_ops_lookup(const char *name);
+
+#define nft_expr_data(ops) (void *)ops->data
+
+#endif
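Review bot: `nft_expr_data(ops)` names its parameter `ops` but dereferences `->data`, a member that this commit declares on `struct nft_rule_expr` (include/expr.h) and not on `struct expr_ops`. Neither the argument nor the expansion is parenthesized. `#define nft_expr_data(e) ((void *)(e)->data)` states what the macro takes and stays correct when the argument is an expression. The members named `free` and `snprintf` may also collide with libc on platforms where those names are function-like macros, which would affect call sites such as `ops->snprintf(...)` outside this hunk, so that is worth checking against the supported toolchains.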
diff --git a/include/internal.h b/include/internal.h
new file mode 100644
index 0000000..c74e2bf
--- /dev/null
+++ b/include/internal.h
@@ -0,0 +1,18 @@
+#ifndef _LIBNFTNL_INTERNAL_H_
+#define _LIBNFTNL_INTERNAL_H_
+
+/* The headers below are NOT exposed as part of the API. */
+#include "data_reg.h"
+#include "linux_list.h"
+#include "utils.h"
+#include "common.h"
+#include "xml.h"
+#include "json.h"
+#include "linux_list.h"
+#include "set.h"
+#include "set_elem.h"
+#include "expr.h"
+#include "expr_ops.h"
+#include "buffer.h"
+
+#endif /* _LIBNFTNL_INTERNAL_H_ */
diff --git a/include/json.h b/include/json.h
new file mode 100644
index 0000000..821c15f
--- /dev/null
+++ b/include/json.h
@@ -0,0 +1,58 @@
+#ifndef LIBNFTNL_JSON_INTERNAL_H
+#define LIBNFTNL_JSON_INTERNAL_H
+
+#ifdef JSON_PARSING
+#include <jansson.h>
+#include <stdbool.h>
+#include "common.h"
+
+struct nft_table;
+struct nft_chain;
+struct nft_rule;
+struct nft_set;
+struct nft_set_elem;
+struct nft_set_list;
+union nft_data_reg;
+
+int nft_jansson_parse_val(json_t *root, const char *node_name, int type,
+ void *out, struct nft_parse_err *err);
+const char *nft_jansson_parse_str(json_t *root, const char *node_name,
+ struct nft_parse_err *err);
+bool nft_jansson_node_exist(json_t *root, const char *node_name);
+json_t *nft_jansson_create_root(const void *json, json_error_t *error,
+ struct nft_parse_err *err, enum nft_parse_input input);
+json_t *nft_jansson_get_node(json_t *root, const char *node_name,
+ struct nft_parse_err *err);
+void nft_jansson_free_root(json_t *root);
+int nft_jansson_parse_family(json_t *root, void *out, struct nft_parse_err *err);
+int nft_jansson_str2num(json_t *root, const char *node_name, int base, void *out,
+ enum nft_type type, struct nft_parse_err *err);
+int nft_jansson_parse_reg(json_t *root, const char *node_name, int type,
+ void *out, struct nft_parse_err *err);
+struct nft_rule_expr *nft_jansson_expr_parse(json_t *root,
+ struct nft_parse_err *err,
+ struct nft_set_list *set_list);
+int nft_jansson_data_reg_parse(json_t *root, const char *node_name,
+ union nft_data_reg *data_reg,
+ struct nft_parse_err *err);
+int nft_jansson_set_elem_parse(struct nft_set_elem *e, json_t *root,
+ struct nft_parse_err *err);
+int nft_jansson_parse_table(struct nft_table *t, json_t *tree,
+ struct nft_parse_err *err);
+int nft_jansson_parse_chain(struct nft_chain *c, json_t *tree,
+ struct nft_parse_err *err);
+int nft_jansson_parse_rule(struct nft_rule *r, json_t *tree,
+ struct nft_parse_err *err,
+ struct nft_set_list *set_list);
+int nft_jansson_parse_set(struct nft_set *s, json_t *tree,
+ struct nft_parse_err *err);
+int nft_jansson_parse_elem(struct nft_set *s, json_t *tree,
+ struct nft_parse_err *err);
+
+int nft_data_reg_json_parse(union nft_data_reg *reg, json_t *data,
+ struct nft_parse_err *err);
+#else
+#define json_t void
+#endif
+
+#endif /* LIBNFTNL_JSON_INTERNAL_H */
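Review bot: In the `#else` branch, `#define json_t void` (and `#define mxml_node_t void` in include/xml.h) turns the library's type name into a macro. In a build without JSON_PARSING any pointer then converts silently to `json_t *`, and a later include of `<jansson.h>` in the same translation unit would have its own declaration rewritten. An incomplete-type forward declaration keeps pointer type checking; assuming jansson declares `json_t` as a typedef of `struct json_t`, `typedef struct json_t json_t;` would do, but confirm that against the library header. Separately, `nft_jansson_str2num` uses `enum nft_type`, which is declared in utils.h, while this header includes only common.h. xml.h has the same dependency in `nft_mxml_num_parse`.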
diff --git a/include/set.h b/include/set.h
new file mode 100644
index 0000000..29b9ce5
--- /dev/null
+++ b/include/set.h
@@ -0,0 +1,32 @@
+#ifndef _LIBNFTNL_SET_INTERNAL_H_
+#define _LIBNFTNL_SET_INTERNAL_H_
+
+#include <linux/netfilter/nf_tables.h>
+
+struct nft_set {
+ struct list_head head;
+
+ uint32_t family;
+ uint32_t set_flags;
+ const char *table;
+ const char *name;
+ uint32_t key_type;
+ uint32_t key_len;
+ uint32_t data_type;
+ uint32_t data_len;
+ uint32_t id;
+ enum nft_set_policies policy;
+ struct {
+ uint32_t size;
+ } desc;
+ struct list_head element_list;
+
+ uint32_t flags;
+};
+
+struct nft_set_list;
+struct nft_rule_expr;
+int nft_set_lookup_id(struct nft_rule_expr *e, struct nft_set_list *set_list,
+ uint32_t *set_id);
+
+#endif
diff --git a/include/set_elem.h b/include/set_elem.h
new file mode 100644
index 0000000..467c1a0
--- /dev/null
+++ b/include/set_elem.h
@@ -0,0 +1,14 @@
+#ifndef _LIBNFTNL_SET_ELEM_INTERNAL_H_
+#define _LIBNFTNL_SET_ELEM_INTERNAL_H_
+
+#include <data_reg.h>
+
+struct nft_set_elem {
+ struct list_head head;
+ uint32_t set_elem_flags;
+ union nft_data_reg key;
+ union nft_data_reg data;
+ uint32_t flags;
+};
+
+#endif
diff --git a/include/utils.h b/include/utils.h
new file mode 100644
index 0000000..1801108
--- /dev/null
+++ b/include/utils.h
@@ -0,0 +1,83 @@
+#ifndef LIBNFTNL_UTILS_H
+#define LIBNFTNL_UTILS_H 1
+
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+#include <libnftnl/common.h>
+
+#include "config.h"
+#ifdef HAVE_VISIBILITY_HIDDEN
+# define __visible __attribute__((visibility("default")))
+# define EXPORT_SYMBOL(x) typeof(x) (x) __visible
+#else
+# define EXPORT_SYMBOL
+#endif
+
+#define __init __attribute__((constructor))
+#define __noreturn __attribute__((__noreturn__))
+
+#define xfree(ptr) free((void *)ptr);
+
+#define div_round_up(n, d) (((n) + (d) - 1) / (d))
+
+void __noreturn __abi_breakage(const char *file, int line, const char *reason);
+
+#define abi_breakage() \
+ __abi_breakage(__FILE__, __LINE__, strerror(errno));
+
+void __nft_assert_fail(uint16_t attr, const char *filename, int line);
+
+#define nft_assert(val, attr, expr) \
+ ((!val || expr) \
+ ? (void)0 \
+ : __nft_assert_fail(attr, __FILE__, __LINE__))
+
+#define nft_assert_validate(data, _validate_array, _attr, _data_len) \
+({ \
+ if (!data) \
+ __nft_assert_fail(attr, __FILE__, __LINE__); \
+ if (_validate_array[_attr]) \
+ nft_assert(data, attr, _validate_array[_attr] == _data_len); \
+})
+
+#define SNPRINTF_BUFFER_SIZE(ret, size, len, offset) \
+ if (ret < 0) \
+ return ret; \
+ offset += ret; \
+ if (ret > len) \
+ ret = len; \
+ size += ret; \
+ len -= ret;
+
+const char *nft_family2str(uint32_t family);
+int nft_str2family(const char *family);
+
+enum nft_type {
+ NFT_TYPE_U8,
+ NFT_TYPE_U16,
+ NFT_TYPE_U32,
+ NFT_TYPE_U64,
+ NFT_TYPE_S8,
+ NFT_TYPE_S16,
+ NFT_TYPE_S32,
+ NFT_TYPE_S64,
+};
+
+int nft_strtoi(const char *string, int base, void *number, enum nft_type type);
+int nft_get_value(enum nft_type type, void *val, void *out);
+
+const char *nft_verdict2str(uint32_t verdict);
+int nft_str2verdict(const char *verdict, int *verdict_num);
+
+const char *nft_cmd2tag(enum nft_cmd_type cmd);
+uint32_t nft_str2cmd(const char *cmd);
+
+enum nft_cmd_type nft_flag2cmd(uint32_t flags);
+
+int nft_fprintf(FILE *fp, void *obj, uint32_t cmd, uint32_t type,
+ uint32_t flags, int (*snprintf_cb)(char *buf, size_t bufsiz,
+ void *obj, uint32_t cmd, uint32_t type, uint32_t flags));
+
+#endif
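Review bot: `nft_assert_validate` declares its parameter as `_attr`, but its body passes `attr` to `__nft_assert_fail` and `nft_assert`. The macro therefore compiles only where the caller has a variable named `attr` in scope, and it reports that variable instead of the argument. Both uses should read `_attr`, e.g. `__nft_assert_fail(_attr, __FILE__, __LINE__);`. `SNPRINTF_BUFFER_SIZE` expands to several bare statements with a hidden `return`, so under an unbraced `if` only the first statement is conditional. It also advances `offset` by the untruncated `ret`, which can leave `buf + offset` beyond the buffer once output is truncated; wrap it in `do { ... } while (0)` and check the signedness of `ret > len` at the call sites, which are outside this hunk. `xfree` and `abi_breakage` carry a trailing `;` in their expansions, which breaks `if (...) xfree(p); else ...`, and `abi_breakage` uses `errno` without this header including `<errno.h>`.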
diff --git a/include/xml.h b/include/xml.h
new file mode 100644
index 0000000..5137034
--- /dev/null
+++ b/include/xml.h
@@ -0,0 +1,58 @@
+#ifndef LIBNFTNL_XML_INTERNAL_H
+#define LIBNFTNL_XML_INTERNAL_H
+
+#ifdef XML_PARSING
+#include <mxml.h>
+#include "common.h"
+
+#define NFT_XML_MAND 0
+#define NFT_XML_OPT (1 << 0)
+
+struct nft_table;
+struct nft_chain;
+struct nft_rule;
+struct nft_set;
+struct nft_set_elem;
+struct nft_set_list;
+union nft_data_reg;
+
+mxml_node_t *nft_mxml_build_tree(const void *data, const char *treename,
+ struct nft_parse_err *err, enum nft_parse_input input);
+struct nft_rule_expr *nft_mxml_expr_parse(mxml_node_t *node,
+ struct nft_parse_err *err,
+ struct nft_set_list *set_list);
+int nft_mxml_reg_parse(mxml_node_t *tree, const char *reg_name, uint32_t *reg,
+ uint32_t mxmlflags, uint32_t flags,
+ struct nft_parse_err *err);
+int nft_mxml_data_reg_parse(mxml_node_t *tree, const char *node_name,
+ union nft_data_reg *data_reg, uint16_t flags,
+ struct nft_parse_err *err);
+int nft_mxml_num_parse(mxml_node_t *tree, const char *node_name,
+ uint32_t mxml_flags, int base, void *number,
+ enum nft_type type, uint16_t flags,
+ struct nft_parse_err *err);
+const char *nft_mxml_str_parse(mxml_node_t *tree, const char *node_name,
+ uint32_t mxml_flags, uint16_t flags,
+ struct nft_parse_err *err);
+int nft_mxml_family_parse(mxml_node_t *tree, const char *node_name,
+ uint32_t mxml_flags, uint16_t flags,
+ struct nft_parse_err *err);
+int nft_mxml_set_elem_parse(mxml_node_t *node, struct nft_set_elem *e,
+ struct nft_parse_err *err);
+int nft_mxml_table_parse(mxml_node_t *tree, struct nft_table *t,
+ struct nft_parse_err *err);
+int nft_mxml_chain_parse(mxml_node_t *tree, struct nft_chain *c,
+ struct nft_parse_err *err);
+int nft_mxml_rule_parse(mxml_node_t *tree, struct nft_rule *r,
+ struct nft_parse_err *err,
+ struct nft_set_list *set_list);
+int nft_mxml_set_parse(mxml_node_t *tree, struct nft_set *s,
+ struct nft_parse_err *err);
+
+int nft_data_reg_xml_parse(union nft_data_reg *reg, mxml_node_t *tree,
+ struct nft_parse_err *err);
+#else
+#define mxml_node_t void
+#endif
+
+#endif /* LIBNFTNL_XML_INTERNAL_H */