From 00c179b4c9f9f9394cc6f79e5f2a68410631fd72 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Fri, 3 Aug 2012 17:31:48 +0200
Subject: initial version of libnftables

It adds support for table, chain and rule handling. This also includes expression handling for each rule.

Signed-off-by: Pablo Neira Ayuso
---
 include/libnftables/Makefile.am | 4 +++
 include/libnftables/chain.h | 66 ++++++++++++++++++++++++++++++++++
 include/libnftables/expr.h | 80 +++++++++++++++++++++++++++++++++++++++++
 include/libnftables/rule.h | 65 +++++++++++++++++++++++++++++++++
 include/libnftables/table.h | 51 ++++++++++++++++++++++++++
 5 files changed, 266 insertions(+)
 create mode 100644 include/libnftables/Makefile.am
 create mode 100644 include/libnftables/chain.h
 create mode 100644 include/libnftables/expr.h
 create mode 100644 include/libnftables/rule.h
 create mode 100644 include/libnftables/table.h
(limited to 'include/libnftables')
diff --git a/include/libnftables/Makefile.am b/include/libnftables/Makefile.am
new file mode 100644
index 0000000..47f837f
--- /dev/null
+++ b/include/libnftables/Makefile.am
@@ -0,0 +1,4 @@
+pkginclude_HEADERS = table.h \
+ chain.h \
+ rule.h \
+ expr.h
diff --git a/include/libnftables/chain.h b/include/libnftables/chain.h
new file mode 100644
index 0000000..4325fad
--- /dev/null
+++ b/include/libnftables/chain.h
@@ -0,0 +1,66 @@
+#ifndef _CHAIN_H_
+#define _CHAIN_H_
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct nft_chain;
+
+struct nft_chain *nft_chain_alloc(void);
+void nft_chain_free(struct nft_chain *);
+
+enum {
+ NFT_CHAIN_ATTR_NAME = 0,
+ NFT_CHAIN_ATTR_FAMILY,
+ NFT_CHAIN_ATTR_TABLE,
+ NFT_CHAIN_ATTR_HOOKNUM,
+ NFT_CHAIN_ATTR_PRIO = 4,
+ NFT_CHAIN_ATTR_POLICY,
+ NFT_CHAIN_ATTR_USE,
+ NFT_CHAIN_ATTR_BYTES,
+ NFT_CHAIN_ATTR_PACKETS = 8,
+};
+
+void nft_chain_attr_set(struct nft_chain *t, uint16_t attr, void *data);
+void nft_chain_attr_set_u32(struct nft_chain *t, uint16_t attr, uint32_t data);
+void nft_chain_attr_set_s32(struct nft_chain *t, uint16_t attr, int32_t data);
+void nft_chain_attr_set_u64(struct nft_chain *t, uint16_t attr, uint64_t data);
+
+void *nft_chain_attr_get(struct nft_chain *c, uint16_t attr);
+const char *nft_chain_attr_get_str(struct nft_chain *c, uint16_t attr);
+uint32_t nft_chain_attr_get_u32(struct nft_chain *c, uint16_t attr);
+int32_t nft_chain_attr_get_s32(struct nft_chain *c, uint16_t attr);
+uint64_t nft_chain_attr_get_u64(struct nft_chain *c, uint16_t attr);
+
+void nft_chain_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_chain *t);
+
+enum {
+ NFT_CHAIN_O_DEFAULT = 0,
+};
+
+int nft_chain_snprintf(char *buf, size_t size, struct nft_chain *t, uint32_t type, uint32_t flags);
+
+struct nlmsghdr *nft_chain_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq);
+int nft_chain_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_chain *t);
+
+struct nft_chain_list;
+
+struct nft_chain_list *nft_chain_list_alloc(void);
+void nft_chain_list_free(struct nft_chain_list *list);
+
+void nft_chain_list_add(struct nft_chain *r, struct nft_chain_list *list);
+
+struct nft_chain_list_iter;
+
+struct nft_chain_list_iter *nft_chain_list_iter_create(struct nft_chain_list *l);
+struct nft_chain *nft_chain_list_iter_next(struct nft_chain_list_iter *iter);
+void nft_chain_list_iter_destroy(struct nft_chain_list_iter *iter);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* _CHAIN_H_ */
diff --git a/include/libnftables/expr.h b/include/libnftables/expr.h
new file mode 100644
index 0000000..09cd2e0
--- /dev/null
+++ b/include/libnftables/expr.h
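Review bot: The include guard `_CHAIN_H_` at the top of this hunk (and `_RULE_EXPR_H_`, `_RULE_H_`, `_TABLE_H_` in the other three headers of this commit) is a reserved identifier — a leading underscore followed by an uppercase letter belongs to the implementation — and a name this generic is also likely to collide with another library's guard; a project-prefixed name such as `LIBNFTABLES_CHAIN_H` avoids both. `struct nlmsghdr` appears only inside parameter lists here; the target of the single `#include` is not visible on this page, but if it does not declare that struct, each prototype gets its own prototype-scoped type that is incompatible with the caller's, so a `struct nlmsghdr;` forward declaration next to `struct nft_chain;` would make the header self-contained either way. `nft_chain_nlmsg_build_hdr(char *buf, …)` takes no buffer size, so the header should state in a comment the minimum capacity the caller must provide, since nothing else stops an overrun. `nft_chain_attr_set(…, void *data)` could take `const void *data`, and the `nft_chain_attr_get_*` readers a `const struct nft_chain *`, since neither needs to write through the pointer; the `int` returned by `nft_chain_nlmsg_parse` and `nft_chain_snprintf` also has no documented error convention, which callers need before trusting a parsed object.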
@@ -0,0 +1,80 @@
+#ifndef _RULE_EXPR_H_
+#define _RULE_EXPR_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct nft_rule_expr;
+
+enum {
+ NFT_RULE_EXPR_ATTR_NAME = 0,
+ NFT_RULE_EXPR_ATTR_BASE,
+};
+
+struct nft_rule_expr *nft_rule_expr_alloc(const char *name);
+void nft_rule_expr_free(struct nft_rule_expr *expr);
+
+void nft_rule_expr_set(struct nft_rule_expr *expr, uint16_t type, const void *data, size_t data_len);
+void nft_rule_expr_set_u8(struct nft_rule_expr *expr, uint16_t type, uint8_t data);
+void nft_rule_expr_set_u32(struct nft_rule_expr *expr, uint16_t type, uint32_t data);
+void nft_rule_expr_set_u64(struct nft_rule_expr *expr, uint16_t type, uint64_t data);
+void nft_rule_expr_set_str(struct nft_rule_expr *expr, uint16_t type, char *str);
+
+const void *nft_rule_expr_get(struct nft_rule_expr *expr, uint16_t type, size_t *data_len);
+uint8_t nft_rule_expr_get_u8(struct nft_rule_expr *expr, uint16_t type);
+uint32_t nft_rule_expr_get_u32(struct nft_rule_expr *expr, uint16_t type);
+uint64_t nft_rule_expr_get_u64(struct nft_rule_expr *expr, uint16_t type);
+const char *nft_rule_expr_get_str(struct nft_rule_expr *expr, uint16_t type);
+
+struct list_head *nft_rule_expr_list_head(struct nft_rule_expr *expr);
+
+void nft_rule_expr_build_payload(struct nlmsghdr *nlh, struct nft_rule_expr *expr);
+
+enum {
+ NFT_EXPR_PAYLOAD_DREG = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_PAYLOAD_BASE,
+ NFT_EXPR_PAYLOAD_OFFSET,
+ NFT_EXPR_PAYLOAD_LEN,
+};
+
+enum {
+ NFT_EXPR_META_KEY = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_META_DREG,
+};
+
+enum {
+ NFT_EXPR_CMP_SREG = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_CMP_OP,
+ NFT_EXPR_CMP_DATA,
+};
+
+enum {
+ NFT_EXPR_IMM_DREG = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_IMM_DATA,
+ NFT_EXPR_IMM_VERDICT,
+ NFT_EXPR_IMM_CHAIN,
+};
+
+enum {
+ NFT_EXPR_CTR_PACKETS = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_CTR_BYTES,
+};
+
+enum {
+ NFT_EXPR_TG_NAME = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_TG_REV,
+ NFT_EXPR_TG_INFO,
+};
+
+enum {
+ NFT_EXPR_MT_NAME = NFT_RULE_EXPR_ATTR_BASE,
+ NFT_EXPR_MT_REV,
+ NFT_EXPR_MT_INFO,
+};
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif
diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h
new file mode 100644
index 0000000..a75d08e
--- /dev/null
+++ b/include/libnftables/rule.h
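Review bot: expr.h has no `#include` at all, yet its prototypes use `uint8_t`/`uint16_t`/`uint32_t`/`uint64_t`, `size_t`, `struct nlmsghdr` and `struct list_head`, so it only compiles in a translation unit that happened to pull those in first; `#include <stdint.h>` and `#include <stddef.h>` plus forward declarations `struct nlmsghdr;` and `struct list_head;` would make it self-contained. `struct list_head *nft_rule_expr_list_head(struct nft_rule_expr *expr)` exposes what looks like the library's internal list node through an installed public header, tying every consumer to that implementation; if only the rule code needs it, it belongs in an internal header instead. `nft_rule_expr_set_str(…, char *str)` should take `const char *str`, matching the `const void *data` that `nft_rule_expr_set` already takes. The `uint16_t type` argument of the setters and getters is presumably the per-expression attribute id from the enums below; a one-line comment saying so, and that those ids start at `NFT_RULE_EXPR_ATTR_BASE` so they cannot collide with `NFT_RULE_EXPR_ATTR_NAME`, would document the convention for anyone adding an expression type.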
@@ -0,0 +1,65 @@
+#ifndef _RULE_H_
+#define _RULE_H_
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct nft_rule;
+struct nft_rule_expr;
+
+struct nft_rule *nft_rule_alloc(void);
+void nft_rule_free(struct nft_rule *);
+
+enum {
+ NFT_RULE_ATTR_FAMILY = 0,
+ NFT_RULE_ATTR_TABLE,
+ NFT_RULE_ATTR_CHAIN,
+ NFT_RULE_ATTR_HANDLE,
+};
+
+void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data);
+void nft_rule_attr_set_u16(struct nft_rule *r, uint16_t attr, uint16_t val);
+void nft_rule_attr_set_str(struct nft_rule *r, uint16_t attr, char *str);
+
+void *nft_rule_attr_get(struct nft_rule *r, uint16_t attr);
+const char *nft_rule_attr_get_str(struct nft_rule *r, uint16_t attr);
+uint16_t nft_rule_attr_get_u16(struct nft_rule *r, uint16_t attr);
+
+void nft_rule_add_expr(struct nft_rule *r, struct nft_rule_expr *expr);
+
+void nft_rule_nlmsg_build_payload(struct nlmsghdr *nlh, struct nft_rule *t);
+
+enum {
+ NFT_RULE_O_DEFAULT = 0,
+};
+
+int nft_rule_snprintf(char *buf, size_t size, struct nft_rule *t, uint32_t type, uint32_t flags);
+
+struct nlmsghdr *nft_rule_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq);
+int nft_rule_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_rule *t);
+
+struct nft_rule_expr_iter;
+
+struct nft_rule_expr_iter *nft_rule_expr_iter_create(struct nft_rule *r);
+struct nft_rule_expr *nft_rule_expr_iter_next(struct nft_rule_expr_iter *iter);
+void nft_rule_expr_iter_destroy(struct nft_rule_expr_iter *iter);
+
+struct nft_rule_list *nft_rule_list_alloc(void);
+void nft_rule_list_free(struct nft_rule_list *list);
+void nft_rule_list_add(struct nft_rule *r, struct nft_rule_list *list);
+
+struct nft_rule_list_iter;
+
+struct nft_rule_list_iter *nft_rule_list_iter_create(struct nft_rule_list *l);
+struct nft_rule *nft_rule_list_iter_cur(struct nft_rule_list_iter *iter);
+struct nft_rule *nft_rule_list_iter_next(struct nft_rule_list_iter *iter);
+void nft_rule_list_iter_destroy(struct nft_rule_list_iter *iter);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* _RULE_H_ */
diff --git a/include/libnftables/table.h b/include/libnftables/table.h
new file mode 100644
index 0000000..de34c42
--- /dev/null
+++ b/include/libnftables/table.h
@@ -0,0 +1,51 @@
+#ifndef _TABLE_H_
+#define _TABLE_H_
+
+#include
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct nft_table;
+
+struct nft_table *nft_table_alloc(void);
+void nft_table_free(struct nft_table *);
+
+enum {
+ NFT_TABLE_ATTR_NAME = 0,
+ NFT_TABLE_ATTR_FAMILY,
+};
+
+void nft_table_attr_set(struct nft_table *t, uint16_t attr, void *data);
+const void *nft_table_attr_get(struct nft_table *t, uint16_t attr);
+
+void nft_table_nlmsg_build_payload(struct nlmsghdr *nlh, const struct nft_table *t);
+
+enum {
+ NFT_TABLE_O_DEFAULT = 0,
+};
+
+int nft_table_snprintf(char *buf, size_t size, struct nft_table *t, uint32_t type, uint32_t flags);
+
+struct nlmsghdr *nft_table_nlmsg_build_hdr(char *buf, uint16_t cmd, uint16_t family, uint16_t type, uint32_t seq);
+int nft_table_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_table *t);
+
+struct nft_table_list;
+
+struct nft_table_list *nft_table_list_alloc(void);
+void nft_table_list_free(struct nft_table_list *list);
+
+void nft_table_list_add(struct nft_table *r, struct nft_table_list *list);
+
+struct nft_table_list_iter;
+
+struct nft_table_list_iter *nft_table_list_iter_create(struct nft_table_list *l);
+struct nft_table *nft_table_list_iter_next(struct nft_table_list_iter *iter);
+void nft_table_list_iter_destroy(struct nft_table_list_iter *iter);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* _TABLE_H_ */
-- cgit v1.2.3
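Review bot: `nft_rule_list_alloc` returns `struct nft_rule_list *` without the `struct nft_rule_list;` forward declaration that chain.h and table.h give their list types; it still compiles, because a tag first seen in the declaration specifiers of a file-scope declaration gets file scope, but the line should be added above `nft_rule_list_alloc` for consistency with the `struct nft_rule_list_iter;` declared just below it. `nft_rule_attr_set_str(…, char *str)` should take `const char *str`. The opaque `void *` accepted by `nft_rule_attr_set` and returned by `nft_rule_attr_get` carries no length, and `nft_rule_attr_get` returns a non-const pointer while `nft_table_attr_get` returns `const void *`; picking one convention across the three headers and documenting who owns the memory behind the returned pointer would stop callers guessing. `nft_rule_list_iter_cur` has no counterpart in the chain and table list iterators; either add it there or note in a comment why rule iteration needs it.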
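Review bot: `nft_table_attr_get` returns `const void *` with no way to learn the length of the value, and the matching `nft_table_attr_set(…, void *data)` takes a length-less pointer non-const; for the two attributes declared here (`NFT_TABLE_ATTR_NAME`, `NFT_TABLE_ATTR_FAMILY`) a comment should say which C type each maps to — presumably a NUL-terminated string and an integer — so callers cast correctly. `nft_table_nlmsg_build_hdr(char *buf, …)` has no size argument, so a comment naming the minimum buffer capacity is the only thing protecting a caller from an overrun. `nft_table_nlmsg_parse` consumes a netlink message and returns an undocumented `int`; stating its error convention would let callers check the result before trusting the parsed object. The `nft_table_snprintf` and `nft_table_attr_get` readers could take `const struct nft_table *`, since neither needs to modify the table.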