Diffstat (limited to 'include/rule.h')
-rw-r--r--include/rule.h174
1 files changed, 174 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
new file mode 100644
index 00000000..e4ad9f58
--- /dev/null
+++ b/include/rule.h
@@ -0,0 +1,174 @@
+#ifndef _RULE_H
+#define _RULE_H
+
+#include <stdint.h>
+#include <nftables.h>
+#include <list.h>
+
+/**
+ * struct handle - handle for tables, chains and rules
+ *
+ * @family: protocol family
+ * @table: table name
+ * @chain: chain name (chains and rules only)
+ * @handle: rule handle (rules only)
+ */
+struct handle {
+ int family;
+ const char *table;
+ const char *chain;
+ uint32_t handle;
+};
+
+extern void handle_merge(struct handle *dst, const struct handle *src);
+extern void handle_free(struct handle *h);
+
+/**
+ * struct table - nftables table
+ *
+ * @list: list node
+ * @handle: table handle
+ * @chains: chains contained in the table
+ */
+struct table {
+ struct list_head list;
+ struct handle handle;
+ struct list_head chains;
+};
+
+extern struct table *table_alloc(void);
+extern void table_free(struct table *table);
+extern void table_add_hash(struct table *table);
+extern struct table *table_lookup(const struct handle *h);
+
+/**
+ * struct chain - nftables chain
+ *
+ * @list: list node in table list
+ * @handle: chain handle
+ * @hooknum: hook number (base chains)
+ * @priority: hook priority (base chains)
+ * @rules: rules contained in the chain
+ */
+struct chain {
+ struct list_head list;
+ struct handle handle;
+ unsigned int hooknum;
+ unsigned int priority;
+ struct list_head rules;
+};
+
+extern struct chain *chain_alloc(const char *name);
+extern void chain_free(struct chain *chain);
+extern void chain_add_hash(struct chain *chain, struct table *table);
+extern struct chain *chain_lookup(const struct table *table,
+ const struct handle *h);
+
+/**
+ * struct rule - nftables rule
+ *
+ * @list: list node in chain list
+ * @handle: rule handle
+ * @location: location the rule was defined at
+ * @stmt: list of statements
+ * @num_stmts: number of statements in stmts list
+ */
+struct rule {
+ struct list_head list;
+ struct handle handle;
+ struct location location;
+ struct list_head stmts;
+ unsigned int num_stmts;
+};
+
+extern struct rule *rule_alloc(const struct location *loc,
+ const struct handle *h);
+extern void rule_free(struct rule *rule);
+extern void rule_print(const struct rule *rule);
+
+/**
+ * enum cmd_ops - command operations
+ *
+ * @CMD_INVALID: invalid
+ * @CMD_ADD: add object
+ * @CMD_DELETE: delete object
+ * @CMD_LIST: list container
+ * @CMD_FLUSH: flush container
+ */
+enum cmd_ops {
+ CMD_INVALID,
+ CMD_ADD,
+ CMD_DELETE,
+ CMD_LIST,
+ CMD_FLUSH,
+};
+
+/**
+ * enum cmd_obj - command objects
+ *
+ * @CMD_OBJ_INVALID: invalid
+ * @CMD_OBJ_RULE: rule
+ * @CMD_OBJ_CHAIN: chain
+ * @CMD_OBJ_TABLE: table
+ */
+enum cmd_obj {
+ CMD_OBJ_INVALID,
+ CMD_OBJ_RULE,
+ CMD_OBJ_CHAIN,
+ CMD_OBJ_TABLE,
+};
+
+/**
+ * struct cmd - command statement
+ *
+ * @list: list node
+ * @location: location of the statement
+ * @op: operation
+ * @obj: object type to perform operation on
+ * @handle: handle for operations working without full objects
+ * @union: object
+ */
+struct cmd {
+ struct list_head list;
+ struct location location;
+ enum cmd_ops op;
+ enum cmd_obj obj;
+ struct handle handle;
+ union {
+ void *data;
+ struct rule *rule;
+ struct chain *chain;
+ struct table *table;
+ };
+};
+
+extern struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj,
+ const struct handle *h, void *data);
+extern void cmd_free(struct cmd *cmd);
+
+#include <payload.h>
+#include <expression.h>
+
+/**
+ * struct eval_ctx - evaluation context
+ *
+ * @msgs: message queue
+ * @stmt: current statement
+ * @ectx: expression context
+ * @pctx: payload context
+ */
+struct eval_ctx {
+ struct list_head *msgs;
+ struct stmt *stmt;
+ struct expr_ctx ectx;
+ struct payload_ctx pctx;
+};
+
+extern int evaluate(struct eval_ctx *ctx, struct list_head *commands);
+
+extern struct error_record *rule_postprocess(struct rule *rule);
+
+struct netlink_ctx;
+extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
+
+#endif /* RULE_H */
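Review bot: The ownership of the `table` and `chain` strings in `struct handle` is undocumented, yet both `handle_merge()` and `handle_free()` operate on the same struct, so a reader cannot tell whether `handle_merge(dst, src)` duplicates or aliases `src`'s strings and therefore whether calling `handle_free()` on both handles is a double free or a use-after-free. I would extend the struct comment to `@table: table name (owned by the handle; released by handle_free())` if merge copies, or add a note on `handle_merge` that `dst` aliases `src` and must not outlive it — whichever the implementation (not visible in this diff) does. The same question applies to `cmd_alloc()`'s `void *data` and `rule_alloc()`'s `const struct handle *h`: the declarations should state whether the callee takes ownership of what is passed in. Separately, the include guard `_RULE_H` is a reserved identifier (leading underscore followed by an uppercase letter) and the closing comment says `RULE_H`, so the two do not even match; `#ifndef NFTABLES_RULE_H` / `#define NFTABLES_RULE_H` / `#endif /* NFTABLES_RULE_H */` would fix both.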