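#ifndef NFTABLES_NFTABLES_H
#define NFTABLES_NFTABLES_H

/*
 * NOTE(review): this copy of the header lost the targets of its five
 * #include directives. The standard headers below are the ones the visible
 * declarations need (bool, size_t, FILE, uintN_t, off_t, UINT_MAX).
 * The project headers that provide the NFT_CTX_OUTPUT_* flag bits and
 * struct list_head cannot be identified from this file and still have to be
 * included here before the header is usable.
 */
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/*
 * State attached to a FILE stream together with a byte buffer.
 *
 * NOTE(review): presumably fp is a buffer-backed stream standing in for
 * orig_fp, with buf/buflen/pos being the buffer, its capacity and the
 * current offset -- confirm against the code that fills this in. Whoever
 * writes through buf must keep pos within buflen.
 */
struct cookie {
	FILE *fp;
	FILE *orig_fp;
	char *buf;
	size_t buflen;
	size_t pos;
};

/*
 * Output configuration: the flag word tested by the nft_output_*() helpers
 * below, plus one destination for regular output and one for errors.
 *
 * Each destination is an anonymous union of a plain FILE pointer and a
 * struct cookie. Because fp is the first member of struct cookie, output_fp
 * and output_cookie.fp share storage (likewise error_fp and
 * error_cookie.fp). Nothing in this struct records whether the remaining
 * cookie members are in use, so that has to be tracked by the code that sets
 * them up.
 */
struct output_ctx {
	unsigned int flags;
	union {
		FILE *output_fp;
		struct cookie output_cookie;
	};
	union {
		FILE *error_fp;
		struct cookie error_cookie;
	};
};

/*
 * Flag accessors. Each returns true when the matching NFT_CTX_OUTPUT_* bit
 * is set in octx->flags. The masked value is converted to bool on return, so
 * any non-zero result yields true; this relies on bool being C99 _Bool.
 * octx is dereferenced without a NULL check.
 */
static inline bool nft_output_reversedns(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_REVERSEDNS;
}

static inline bool nft_output_service(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_SERVICE;
}

static inline bool nft_output_stateless(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_STATELESS;
}

static inline bool nft_output_handle(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_HANDLE;
}

static inline bool nft_output_json(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_JSON;
}

static inline bool nft_output_echo(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_ECHO;
}

static inline bool nft_output_guid(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_GUID;
}

static inline bool nft_output_numeric_proto(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PROTO;
}

static inline bool nft_output_numeric_prio(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_PRIO;
}

static inline bool nft_output_numeric_symbol(const struct output_ctx *octx)
{
	return octx->flags & NFT_CTX_OUTPUT_NUMERIC_SYMBOL;
}

/*
 * Cache bookkeeping.
 * NOTE(review): genid and seqnum look like a ruleset generation id and a
 * netlink sequence number, and list like the head of the cached objects --
 * confirm against the cache code.
 */
struct nft_cache {
	uint16_t genid;
	struct list_head list;
	uint32_t seqnum;
};

struct mnl_socket;
struct parser_state;

/*
 * Number of slots in nft_ctx.f. Any code that indexes f must keep its index
 * below this value.
 * NOTE(review): by its name this is the limit on nested include files --
 * confirm where the depth is checked.
 */
#define MAX_INCLUDE_DEPTH	16

/*
 * Top-level context: netlink socket, include search paths, parser limits and
 * state, output settings and cache. The include_paths array is paired with
 * its element count in num_include_paths.
 */
struct nft_ctx {
	struct mnl_socket *nf_sock;
	char **include_paths;
	unsigned int num_include_paths;
	unsigned int parser_max_errors;
	unsigned int debug_mask;
	struct output_ctx output;
	bool check;
	struct nft_cache cache;
	uint32_t flags;
	struct parser_state *state;
	void *scanner;
	void *json_root;
	FILE *f[MAX_INCLUDE_DEPTH];
};

/*
 * Exit status values.
 * NOTE(review): NOMEM and NONL presumably mean "out of memory" and
 * "netlink not available" -- confirm at the call sites.
 */
enum nftables_exit_codes {
	NFT_EXIT_SUCCESS = 0,
	NFT_EXIT_FAILURE = 1,
	NFT_EXIT_NOMEM = 2,
	NFT_EXIT_NONL = 3,
};

struct input_descriptor;

/*
 * Position of a construct within an input.
 *
 * The anonymous union holds either a textual range (token/line offsets and
 * first/last line and column) or a single opaque pointer, nle. The struct
 * itself does not say which view is valid.
 * NOTE(review): presumably indesc->type decides (nle for INDESC_NETLINK) --
 * confirm before reading either view.
 */
struct location {
	const struct input_descriptor *indesc;
	union {
		struct {
			off_t token_offset;
			off_t line_offset;

			unsigned int first_line;
			unsigned int last_line;
			unsigned int first_column;
			unsigned int last_column;
		};
		struct {
			const void *nle;
		};
	};
};

extern const struct location internal_location;

/**
 * enum input_descriptor_types
 *
 * @INDESC_INVALID:	invalid
 * @INDESC_INTERNAL:	dummy type for internally generated messages
 * @INDESC_BUFFER:	buffer (command line arguments)
 * @INDESC_FILE:	file
 * @INDESC_CLI:		command line interface
 * @INDESC_NETLINK:	received from netlink
 */
enum input_descriptor_types {
	INDESC_INVALID,
	INDESC_INTERNAL,
	INDESC_BUFFER,
	INDESC_FILE,
	INDESC_CLI,
	INDESC_NETLINK,
};

/**
 * struct input_descriptor
 *
 * @location:		location, used for include statements
 * @type:		input descriptor type
 * @name:		name describing the input
 * @data:		input buffer; the struct declares only this pointer,
 *			not a buffer-or-file-descriptor union (TODO confirm
 *			which descriptor types set it)
 * @lineno:		current line number in the input
 * @column:		current column in the input
 * @token_offset:	offset of the current token to the beginning
 * @line_offset:	offset of the current line to the beginning
 */
struct input_descriptor {
	struct location location;
	enum input_descriptor_types type;
	const char *name;
	const char *data;
	unsigned int lineno;
	unsigned int column;
	off_t token_offset;
	off_t line_offset;
};

/* Set-up and tear-down hooks, defined elsewhere. */
void ct_label_table_init(void);
void mark_table_init(void);
void gmp_init(void);
void realm_table_rt_init(void);
void devgroup_table_init(void);
void realm_table_meta_init(void);
void xt_init(void);

void ct_label_table_exit(void);
void mark_table_exit(void);
void realm_table_meta_exit(void);
void devgroup_table_exit(void);
void realm_table_rt_exit(void);

/*
 * Formatted output through an output_ctx.
 *
 * format(printf, 2, 3) makes the compiler check fmt against the variadic
 * arguments at every call site. Text that did not originate in the program
 * belongs in an argument ("%s"), never in fmt itself.
 */
int nft_print(struct output_ctx *octx, const char *fmt, ...)
	__attribute__((format(printf, 2, 3)));

/*
 * Same calling shape as nft_print(), but format(printf, 2, 0) asks only for
 * a consistency check of the format string: the variadic arguments are not
 * matched against it, so a wrong argument type or count is not diagnosed at
 * compile time.
 * NOTE(review): presumably because fmt may carry conversions that printf
 * does not know -- confirm in the implementation.
 */
int nft_gmp_print(struct output_ctx *octx, const char *fmt, ...)
	__attribute__((format(printf, 2, 0)));

/*
 * Expands to UINT_MAX.
 * NOTE(review): presumably a sentinel for an unsupported output flag --
 * confirm at the users. The name starts with a double underscore, which is
 * reserved for the implementation; it is kept unchanged here because other
 * files may refer to it.
 */
#define __NFT_OUTPUT_NOTSUPP	UINT_MAX

#endif /* NFTABLES_NFTABLES_H */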