Diffstat (limited to 'include')
-rw-r--r-- | include/mnl.h | 43 | ||||
-rw-r--r-- | include/netlink.h | 67 | ||||
-rw-r--r-- | include/nftables.h | 2 |
3 files changed, 87 insertions, 25 deletions
diff --git a/include/mnl.h b/include/mnl.h
new file mode 100644
index 00000000..bd244898
--- /dev/null
+++ b/include/mnl.h
@@ -0,0 +1,43 @@
+#ifndef _NFTABLES_MNL_H_
+#define _NFTABLES_MNL_H_
+
+int mnl_nft_rule_add(struct mnl_socket *nf_sock, struct nft_rule *r,
+ unsigned int flags);
+int mnl_nft_rule_delete(struct mnl_socket *nf_sock, struct nft_rule *r,
+ unsigned int flags);
+struct nft_rule_list *mnl_nft_rule_dump(struct mnl_socket *nf_sock,
+ int family);
+
+int mnl_nft_chain_add(struct mnl_socket *nf_sock, struct nft_chain *nlc,
+ unsigned int flags);
+int mnl_nft_chain_delete(struct mnl_socket *nf_sock, struct nft_chain *nlc,
+ unsigned int flags);
+struct nft_chain_list *mnl_nft_chain_dump(struct mnl_socket *nf_sock,
+ int family);
+int mnl_nft_chain_get(struct mnl_socket *nf_sock, struct nft_chain *nlc,
+ unsigned int flags);
+
+int mnl_nft_table_add(struct mnl_socket *nf_sock, struct nft_table *nlt,
+ unsigned int flags);
+int mnl_nft_table_delete(struct mnl_socket *nf_sock, struct nft_table *nlt,
+ unsigned int flags);
+struct nft_table_list *mnl_nft_table_dump(struct mnl_socket *nf_sock,
+ int family);
+int mnl_nft_table_get(struct mnl_socket *nf_sock, struct nft_table *nlt,
+ unsigned int flags);
+
+int mnl_nft_set_add(struct mnl_socket *nf_sock, struct nft_set *nls,
+ unsigned int flags);
+int mnl_nft_set_delete(struct mnl_socket *nf_sock, struct nft_set *nls,
+ unsigned int flags);
+struct nft_set_list *mnl_nft_set_dump(struct mnl_socket *nf_sock, int family,
+ const char *table);
+int mnl_nft_set_get(struct mnl_socket *nf_sock, struct nft_set *nls);
+
+int mnl_nft_setelem_add(struct mnl_socket *nf_sock, struct nft_set *nls,
+ unsigned int flags);
+int mnl_nft_setelem_delete(struct mnl_socket *nf_sock, struct nft_set *nls,
+ unsigned int flags);
+int mnl_nft_setelem_get(struct mnl_socket *nf_sock, struct nft_set *nls);
+
+#endif /* _NFTABLES_MNL_H_ */
diff --git a/include/netlink.h b/include/netlink.h
index ccbb872c..19574f02 100644
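Review bot: Every aggregate type in these prototypes (`struct mnl_socket`, `struct nft_rule`, `struct nft_rule_list`, and the chain/table/set counterparts) is first mentioned inside a parameter list, so each one gets prototype scope and the header is not self-contained: a translation unit that includes mnl.h before the libmnl and libnftables headers gets the "declared inside parameter list will not be visible outside this definition" warning and ends up with incompatible struct types. Forward-declare them at the top of the header, e.g. `struct mnl_socket;` / `struct nft_table; struct nft_table_list; struct nft_chain; struct nft_chain_list;` / `struct nft_rule; struct nft_rule_list; struct nft_set; struct nft_set_list;`. The include guard `_NFTABLES_MNL_H_` begins with an underscore followed by an uppercase letter, an identifier reserved for the implementation; `NFTABLES_MNL_H` would also match the guard style netlink.h uses. A short header comment saying what `flags` carries (presumably netlink NLM_F_* message flags) and whether the `*_dump` functions return a list the caller owns and must free would help, since ownership cannot be confirmed from the prototypes alone.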
--- a/include/netlink.h +++ b/include/netlink.h @@ -1,13 +1,14 @@ #ifndef NFTABLES_NETLINK_H #define NFTABLES_NETLINK_H -#include <netlink/netfilter/netfilter.h> -#include <netlink/netfilter/nft_table.h> -#include <netlink/netfilter/nft_chain.h> -#include <netlink/netfilter/nft_rule.h> -#include <netlink/netfilter/nft_expr.h> -#include <netlink/netfilter/nft_data.h> -#include <netlink/object.h> +#include <libnftables/table.h> +#include <libnftables/chain.h> +#include <libnftables/rule.h> +#include <libnftables/expr.h> +#include <libnftables/set.h> + +#include <linux/netlink.h> +#include <linux/netfilter/nf_tables.h> #include <rule.h> 
@@ -17,45 +18,57 @@ * @msgs: message queue * @list: list of parsed rules/chains/tables * @set: current set + * @data: pointer to pass data to callback */ struct netlink_ctx { struct list_head *msgs; struct list_head list; struct set *set; + const void *data; }; -extern void netlink_dump_object(struct nl_object *obj); +extern struct nft_table *alloc_nft_table(const struct handle *h); +extern struct nft_chain *alloc_nft_chain(const struct handle *h); +extern struct nft_rule *alloc_nft_rule(const struct handle *h); +extern struct nft_rule_expr *alloc_nft_expr(const char *name); +extern struct nft_set *alloc_nft_set(const struct handle *h); -extern struct nfnl_nft_table *alloc_nft_table(const struct handle *h); -extern struct nfnl_nft_chain *alloc_nft_chain(const struct handle *h); -extern struct nfnl_nft_rule *alloc_nft_rule(const struct handle *h); -extern struct nfnl_nft_expr *alloc_nft_expr(int (*init)(struct nfnl_nft_expr *)); -extern struct nfnl_nft_set *alloc_nft_set(const struct handle *h); -extern struct nfnl_nft_data *alloc_nft_data(const void *data, unsigned int len); +struct nft_data_linearize { + size_t len; + uint32_t value[4]; + char chain[NFT_CHAIN_MAXNAMELEN]; + int verdict; +}; -extern struct nfnl_nft_data *netlink_gen_data(const struct expr *expr); -extern struct nfnl_nft_data *netlink_gen_raw_data(const mpz_t value, - enum byteorder byteorder, - unsigned int len); +struct nft_data_delinearize { + size_t len; + const uint32_t *value; + const char *chain; + int verdict; +}; + +extern void netlink_gen_data(const struct expr *expr, + struct nft_data_linearize *data); +extern void netlink_gen_raw_data(const mpz_t value, enum byteorder byteorder, + unsigned int len, + struct nft_data_linearize *data); extern struct expr *netlink_alloc_value(const struct location *loc, - const struct nfnl_nft_data *nld); + const struct nft_data_delinearize *nld); extern struct expr *netlink_alloc_data(const struct location *loc, - const struct nfnl_nft_data *nld, + const 
struct nft_data_delinearize *nld, enum nft_registers dreg); extern int netlink_linearize_rule(struct netlink_ctx *ctx, - struct nfnl_nft_rule *nlr, + struct nft_rule *nlr, const struct rule *rule); extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx, - const struct nl_object *obj); + const struct nft_rule *r); extern int netlink_add_rule(struct netlink_ctx *ctx, const struct handle *h, const struct rule *rule, uint32_t flags); extern int netlink_delete_rule(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc); -extern int netlink_get_rule(struct netlink_ctx *ctx, const struct handle *h, - const struct location *loc); extern int netlink_add_chain(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, @@ -103,4 +116,10 @@ extern int netlink_delete_setelems(struct netlink_ctx *ctx, const struct handle extern int netlink_get_setelems(struct netlink_ctx *ctx, const struct handle *h, const struct location *loc, struct set *set); +extern void netlink_dump_table(struct nft_table *nlt); +extern void netlink_dump_chain(struct nft_chain *nlc); +extern void netlink_dump_rule(struct nft_rule *nlr); +extern void netlink_dump_expr(struct nft_rule_expr *nle); +extern void netlink_dump_set(struct nft_set *nls); + #endif /* NFTABLES_NETLINK_H */ diff --git a/include/nftables.h b/include/nftables.h index ff91d934..ec21d37f 100644 --- a/include/nftables.h +++ b/include/nftables.h @@ -50,7 +50,7 @@ struct location { unsigned int last_column; }; struct { - struct nl_object *nl_obj; + void *nle; }; }; }; |
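Review bot: The fields of the new `struct nft_data_linearize` and `struct nft_data_delinearize` are undocumented, and because `netlink_gen_raw_data` now writes into a caller-provided struct holding a fixed `uint32_t value[4]` buffer while also taking a separate `unsigned int len`, the relationship between `len` and that buffer is exactly what a reader of this header needs to know. Add field comments such as `size_t len; /* number of valid bytes in value[]; must not exceed sizeof(value) */` and `char chain[NFT_CHAIN_MAXNAMELEN]; /* NUL-terminated chain name, presumably only meaningful for chain verdicts */`, and on the delinearize side note whether `value`/`chain` point into a netlink message that outlives the struct. The new `const void *data` member of `struct netlink_ctx` would likewise benefit from a comment saying which caller sets it and which callbacks read it, beyond "pointer to pass data to callback". The `struct netlink_ctx` doc comment begins before this hunk's first context line.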
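Review bot: `void *nle` replaces a typed `struct nl_object *` with an untyped pointer, so the compiler no longer checks what is stored in or read from this field, and nothing on the line says what it refers to. A one-line comment would restore the lost information, e.g. `void *nle; /* libnftables object backing this location (presumably struct nft_rule_expr *); ownership TBD — confirm at the allocation site */`. The enclosing aggregate (`struct location`, per the hunk header) starts before this hunk.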