Diffstat (limited to 'include/nftables.h')
-rw-r--r--include/nftables.h50
1 files changed, 38 insertions, 12 deletions
diff --git a/include/nftables.h b/include/nftables.h
index 90d33196..4b7c3359 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -1,10 +1,10 @@
#ifndef NFTABLES_NFTABLES_H
#define NFTABLES_NFTABLES_H
-#include <stdbool.h>
#include <stdarg.h>
#include <limits.h>
#include <utils.h>
+#include <cache.h>
#include <nftables/libnftables.h>
struct cookie {
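Review bot: With `#include <stdbool.h>` dropped at the top of the header, the `bool`-returning inline helpers (including `nft_input_no_dns()` and `nft_input_json()` added in the next hunk) compile only if `utils.h`, `cache.h` or `nftables/libnftables.h` happens to pull it in. That is presumably the case today, but it is not visible here and leaves the header fragile against include reordering. Keeping `#include <stdbool.h>` costs nothing and keeps the header self-contained.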
@@ -22,6 +22,20 @@ struct symbol_tables {
const struct symbol_table *realm;
};
+struct input_ctx {
+ unsigned int flags;
+};
+
+static inline bool nft_input_no_dns(const struct input_ctx *ictx)
+{
+ return ictx->flags & NFT_CTX_INPUT_NO_DNS;
+}
+
+static inline bool nft_input_json(const struct input_ctx *ictx)
+{
+ return ictx->flags & NFT_CTX_INPUT_JSON;
+}
+
struct output_ctx {
unsigned int flags;
union {
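Review bot: `struct input_ctx` and its two accessors are added without any comment, and `nft_input_no_dns()` looks like it gates behaviour that matters when rulesets come from untrusted sources. A one-line comment on each helper would help, e.g. `/* true if NFT_CTX_INPUT_NO_DNS is set: callers must not resolve hostnames while parsing */`, worded to match what the parser actually does with the flag. The `struct output_ctx` definition that follows continues outside the hunk.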
@@ -95,34 +109,41 @@ static inline bool nft_output_terse(const struct output_ctx *octx)
return octx->flags & NFT_CTX_OUTPUT_TERSE;
}
-struct nft_cache {
- uint32_t genid;
- struct list_head list;
- uint32_t seqnum;
- uint32_t flags;
-};
-
struct mnl_socket;
struct parser_state;
struct scope;
+struct nft_vars {
+ const char *key;
+ const char *value;
+};
+
#define MAX_INCLUDE_DEPTH 16
struct nft_ctx {
struct mnl_socket *nf_sock;
char **include_paths;
unsigned int num_include_paths;
+ struct nft_vars *vars;
+ struct {
+ const char *buf;
+ struct list_head indesc_list;
+ } vars_ctx;
+ unsigned int num_vars;
unsigned int parser_max_errors;
unsigned int debug_mask;
+ struct input_ctx input;
struct output_ctx output;
bool check;
struct nft_cache cache;
uint32_t flags;
+ uint32_t optimize_flags;
struct parser_state *state;
void *scanner;
struct scope *top_scope;
void *json_root;
- FILE *f[MAX_INCLUDE_DEPTH];
+ json_t *json_echo;
+ const char *stdin_buf;
};
enum nftables_exit_codes {
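Review bot: The new pointer members of `struct nft_ctx` (`vars`, `vars_ctx.buf`, `json_echo`, `stdin_buf`) carry no indication of who owns or frees them, which is where leaks and use-after-free in context teardown tend to start. Suggest short field comments such as `/* owned by ctx, num_vars entries */` on `vars` and `/* borrowed from caller; valid only during parse */` on `stdin_buf`, adjusted to the real lifetimes, which are not visible in this header. `num_vars` would also read better directly beside `vars` rather than after `vars_ctx`. `json_t` is not declared by any include visible here, so it presumably arrives through `cache.h`; worth confirming for builds without JSON support.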
@@ -170,12 +191,15 @@ enum input_descriptor_types {
INDESC_FILE,
INDESC_CLI,
INDESC_NETLINK,
+ INDESC_STDIN,
};
/**
* struct input_descriptor
*
* @location: location, used for include statements
+ * @f: file descriptor
+ * @depth: include depth of the descriptor
* @type: input descriptor type
* @name: name describing the input
* @union: buffer or file descriptor, depending on type
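Review bot: The added kernel-doc line `@f: file descriptor` describes a member that the next hunk declares as `FILE *f`, which is a stdio stream rather than a descriptor. It also sits next to the existing `@union: buffer or file descriptor` line, so the two are easy to confuse. Suggest `@f: stdio stream (FILE *) the descriptor reads from`, and say for which `type` values it is set if that is restricted. The comment block continues past the end of this hunk.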
@@ -186,6 +210,8 @@ enum input_descriptor_types {
*/
struct input_descriptor {
struct list_head list;
+ FILE *f;
+ unsigned int depth;
struct location location;
enum input_descriptor_types type;
const char *name;
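Review bot: Nothing in the header now ties `depth` to `MAX_INCLUDE_DEPTH`: the fixed `FILE *f[MAX_INCLUDE_DEPTH]` array that this commit removes from `struct nft_ctx` gave a visible bound, whereas the per-descriptor `unsigned int depth` has none. The check presumably lives in the scanner, outside this diff, so a field comment such as `/* include nesting level; must stay below MAX_INCLUDE_DEPTH */` would keep the limit discoverable and guard against unbounded include recursion. It would also help to state who calls `fclose()` on `f`. `struct input_descriptor` continues outside the hunk.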
@@ -198,7 +224,6 @@ struct input_descriptor {
void ct_label_table_init(struct nft_ctx *ctx);
void mark_table_init(struct nft_ctx *ctx);
-void gmp_init(void);
void realm_table_rt_init(struct nft_ctx *ctx);
void devgroup_table_init(struct nft_ctx *ctx);
void xt_init(void);
@@ -210,8 +235,9 @@ void realm_table_rt_exit(struct nft_ctx *ctx);
int nft_print(struct output_ctx *octx, const char *fmt, ...)
__attribute__((format(printf, 2, 3)));
-int nft_gmp_print(struct output_ctx *octx, const char *fmt, ...)
- __attribute__((format(printf, 2, 0)));
+int nft_gmp_print(struct output_ctx *octx, const char *fmt, ...);
+
+int nft_optimize(struct nft_ctx *nft, struct list_head *cmds);
#define __NFT_OUTPUT_NOTSUPP UINT_MAX
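Review bot: The new `nft_gmp_print()` prototype loses `__attribute__((format(printf, 2, 0)))`, so the compiler no longer checks the format string itself at call sites. If the attribute was dropped because GMP conversion specifiers trip the printf checker (a guess, not visible here), record that next to the prototype, e.g. `/* no format attribute: GMP conversions are not understood by -Wformat; pass literal formats only */`. `nft_optimize()` is also added without a note on its return convention or on whether it modifies `cmds`.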