From fac10ea799fe9b6158d74f66d6ad46536d38a545 Mon Sep 17 00:00:00 2001
From: Patrick McHardy
Date: Wed, 18 Mar 2009 04:55:00 +0100
Subject: Initial commit
---
include/rule.h | 174 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 174 insertions(+)
create mode 100644 include/rule.h
(limited to 'include/rule.h')
diff --git a/include/rule.h b/include/rule.h
new file mode 100644
index 00000000..e4ad9f58
--- /dev/null
+++ b/include/rule.h
@@ -0,0 +1,174 @@
+#ifndef _RULE_H
+#define _RULE_H
+
+#include
+#include
+#include
+
+/**
+ * struct handle - handle for tables, chains and rules
+ *
+ * @family: protocol family
+ * @table: table name
+ * @chain: chain name (chains and rules only)
+ * @handle: rule handle (rules only)
+ */
+struct handle {
+ int family;
+ const char *table;
+ const char *chain;
+ uint32_t handle;
+};
+
+extern void handle_merge(struct handle *dst, const struct handle *src);
+extern void handle_free(struct handle *h);
+
+/**
+ * struct table - nftables table
+ *
+ * @list: list node
+ * @handle: table handle
+ * @chains: chains contained in the table
+ */
+struct table {
+ struct list_head list;
+ struct handle handle;
+ struct list_head chains;
+};
+
+extern struct table *table_alloc(void);
+extern void table_free(struct table *table);
+extern void table_add_hash(struct table *table);
+extern struct table *table_lookup(const struct handle *h);
+
+/**
+ * struct chain - nftables chain
+ *
+ * @list: list node in table list
+ * @handle: chain handle
+ * @hooknum: hook number (base chains)
+ * @priority: hook priority (base chains)
+ * @rules: rules contained in the chain
+ */
+struct chain {
+ struct list_head list;
+ struct handle handle;
+ unsigned int hooknum;
+ unsigned int priority;
+ struct list_head rules;
+};
+
+extern struct chain *chain_alloc(const char *name);
+extern void chain_free(struct chain *chain);
+extern void chain_add_hash(struct chain *chain, struct table *table);
+extern struct chain *chain_lookup(const struct table *table,
+ const struct handle *h);
+
+/**
+ * struct rule - nftables rule
+ *
+ * @list: list node in chain list
+ * @handle: rule handle
+ * @location: location the rule was defined at
+ * @stmt: list of statements
+ * @num_stmts: number of statements in stmts list
+ */
+struct rule {
+ struct list_head list;
+ struct handle handle;
+ struct location location;
+ struct list_head stmts;
+ unsigned int num_stmts;
+};
+
+extern struct rule *rule_alloc(const struct location *loc,
+ const struct handle *h);
+extern void rule_free(struct rule *rule);
+extern void rule_print(const struct rule *rule);
+
+/**
+ * enum cmd_ops - command operations
+ *
+ * @CMD_INVALID: invalid
+ * @CMD_ADD: add object
+ * @CMD_DELETE: delete object
+ * @CMD_LIST: list container
+ * @CMD_FLUSH: flush container
+ */
+enum cmd_ops {
+ CMD_INVALID,
+ CMD_ADD,
+ CMD_DELETE,
+ CMD_LIST,
+ CMD_FLUSH,
+};
+
+/**
+ * enum cmd_obj - command objects
+ *
+ * @CMD_OBJ_INVALID: invalid
+ * @CMD_OBJ_RULE: rule
+ * @CMD_OBJ_CHAIN: chain
+ * @CMD_OBJ_TABLE: table
+ */
+enum cmd_obj {
+ CMD_OBJ_INVALID,
+ CMD_OBJ_RULE,
+ CMD_OBJ_CHAIN,
+ CMD_OBJ_TABLE,
+};
+
+/**
+ * struct cmd - command statement
+ *
+ * @list: list node
+ * @location: location of the statement
+ * @op: operation
+ * @obj: object type to perform operation on
+ * @handle: handle for operations working without full objects
+ * @union: object
+ */
+struct cmd {
+ struct list_head list;
+ struct location location;
+ enum cmd_ops op;
+ enum cmd_obj obj;
+ struct handle handle;
+ union {
+ void *data;
+ struct rule *rule;
+ struct chain *chain;
+ struct table *table;
+ };
+};
+
+extern struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj,
+ const struct handle *h, void *data);
+extern void cmd_free(struct cmd *cmd);
+
+#include
+#include
+
+/**
+ * struct eval_ctx - evaluation context
+ *
+ * @msgs: message queue
+ * @stmt: current statement
+ * @ectx: expression context
+ * @pctx: payload context
+ */
+struct eval_ctx {
+ struct list_head *msgs;
+ struct stmt *stmt;
+ struct expr_ctx ectx;
+ struct payload_ctx pctx;
+};
+
+extern int evaluate(struct eval_ctx *ctx, struct list_head *commands);
+
+extern struct error_record *rule_postprocess(struct rule *rule);
+
+struct netlink_ctx;
+extern int do_command(struct netlink_ctx *ctx, struct cmd *cmd);
+
+#endif /* RULE_H */
--
cgit v1.2.3
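Review bot: `unsigned int priority;` in `struct chain` cannot represent a negative hook priority, and netfilter hook priorities are signed (the kernel's predefined values include negative ones), so a base chain meant to run ahead of connection tracking or NAT would be held as a very large positive number; `int priority;` is the fitting type. How the value is parsed and handed to the kernel is not visible in this header, so whether it currently survives through an implicit conversion should be checked at the users of the field. Separately, the kernel-doc for `struct rule` names `@stmt` while the member is `stmts`, and the closing `#endif /* RULE_H */` does not match the `_RULE_H` guard, an identifier that is also reserved for the implementation. For `struct cmd`, a comment stating that `obj` selects which union member is valid, and that `cmd_alloc()` callers must pass a `data` pointer of the matching type, would make the tag/union invariant explicit, since `void *data` accepts any pointer.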