|
Packit |
c5a612 |
#ifndef NFTABLES_NETLINK_H
|
|
Packit |
c5a612 |
#define NFTABLES_NETLINK_H
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#include <libnftnl/table.h>
|
|
Packit |
c5a612 |
#include <libnftnl/chain.h>
|
|
Packit |
c5a612 |
#include <libnftnl/rule.h>
|
|
Packit |
c5a612 |
#include <libnftnl/expr.h>
|
|
Packit |
c5a612 |
#include <libnftnl/set.h>
|
|
Packit |
c5a612 |
#include <libnftnl/object.h>
|
|
Packit |
c5a612 |
#include <libnftnl/flowtable.h>
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#include <linux/netlink.h>
|
|
Packit |
c5a612 |
#include <linux/netfilter/nf_tables.h>
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#include <rule.h>
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#define MAX_REGS (1 + NFT_REG32_15 - NFT_REG32_00)
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct netlink_parse_ctx {
|
|
Packit |
c5a612 |
struct list_head *msgs;
|
|
Packit |
c5a612 |
struct table *table;
|
|
Packit |
c5a612 |
struct rule *rule;
|
|
Packit |
c5a612 |
struct stmt *stmt;
|
|
Packit |
c5a612 |
struct expr *registers[MAX_REGS + 1];
|
|
Packit |
c5a612 |
unsigned int debug_mask;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct rule_pp_ctx {
|
|
Packit |
c5a612 |
struct proto_ctx pctx;
|
|
Packit |
c5a612 |
struct payload_dep_ctx pdctx;
|
|
Packit |
c5a612 |
struct stmt *stmt;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern const struct input_descriptor indesc_netlink;
|
|
Packit |
c5a612 |
extern const struct location netlink_location;
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
/**
|
|
Packit |
c5a612 |
* struct netlink_ctx
|
|
Packit |
c5a612 |
*
|
|
Packit |
c5a612 |
* @nft: nftables context
|
|
Packit |
c5a612 |
* @msgs: message queue
|
|
Packit |
c5a612 |
* @list: list of parsed rules/chains/tables
|
|
Packit |
c5a612 |
* @set: current set
|
|
Packit |
c5a612 |
* @data: pointer to pass data to callback
|
|
Packit |
c5a612 |
* @seqnum: sequence number
|
|
Packit |
c5a612 |
*/
|
|
Packit |
c5a612 |
struct netlink_ctx {
|
|
Packit |
c5a612 |
struct nft_ctx *nft;
|
|
Packit |
c5a612 |
struct list_head *msgs;
|
|
Packit |
c5a612 |
struct list_head list;
|
|
Packit |
c5a612 |
struct set *set;
|
|
Packit |
c5a612 |
const void *data;
|
|
Packit |
c5a612 |
uint32_t seqnum;
|
|
Packit |
c5a612 |
struct nftnl_batch *batch;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern struct nftnl_expr *alloc_nft_expr(const char *name);
|
|
Packit |
c5a612 |
extern void alloc_setelem_cache(const struct expr *set, struct nftnl_set *nls);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern struct nftnl_table *netlink_table_alloc(const struct nlmsghdr *nlh);
|
|
Packit |
c5a612 |
extern struct nftnl_chain *netlink_chain_alloc(const struct nlmsghdr *nlh);
|
|
Packit |
c5a612 |
extern struct nftnl_set *netlink_set_alloc(const struct nlmsghdr *nlh);
|
|
Packit |
c5a612 |
extern struct nftnl_obj *netlink_obj_alloc(const struct nlmsghdr *nlh);
|
|
Packit |
c5a612 |
extern struct nftnl_rule *netlink_rule_alloc(const struct nlmsghdr *nlh);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct nft_data_linearize {
|
|
Packit |
c5a612 |
uint32_t len;
|
|
Packit |
c5a612 |
uint32_t value[4];
|
|
Packit |
c5a612 |
char chain[NFT_CHAIN_MAXNAMELEN];
|
|
Packit |
c5a612 |
int verdict;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct nft_data_delinearize {
|
|
Packit |
c5a612 |
uint32_t len;
|
|
Packit |
c5a612 |
const uint32_t *value;
|
|
Packit |
c5a612 |
const char *chain;
|
|
Packit |
c5a612 |
int verdict;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static inline unsigned int netlink_register_space(unsigned int size)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
return div_round_up(size, NFT_REG32_SIZE * BITS_PER_BYTE);
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static inline unsigned int netlink_padded_len(unsigned int size)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
return netlink_register_space(size) * NFT_REG32_SIZE * BITS_PER_BYTE;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
static inline unsigned int netlink_padding_len(unsigned int size)
|
|
Packit |
c5a612 |
{
|
|
Packit |
c5a612 |
return netlink_padded_len(size) - size;
|
|
Packit |
c5a612 |
}
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern void netlink_gen_data(const struct expr *expr,
|
|
Packit |
c5a612 |
struct nft_data_linearize *data);
|
|
Packit |
c5a612 |
extern void netlink_gen_raw_data(const mpz_t value, enum byteorder byteorder,
|
|
Packit |
c5a612 |
unsigned int len,
|
|
Packit |
c5a612 |
struct nft_data_linearize *data);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern struct expr *netlink_alloc_value(const struct location *loc,
|
|
Packit |
c5a612 |
const struct nft_data_delinearize *nld);
|
|
Packit |
c5a612 |
extern struct expr *netlink_alloc_data(const struct location *loc,
|
|
Packit |
c5a612 |
const struct nft_data_delinearize *nld,
|
|
Packit |
c5a612 |
enum nft_registers dreg);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_rules(struct netlink_ctx *ctx, const struct handle *h);
|
|
Packit |
c5a612 |
extern void netlink_linearize_rule(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
struct nftnl_rule *nlr,
|
|
Packit |
c5a612 |
const struct rule *rule);
|
|
Packit |
c5a612 |
extern struct rule *netlink_delinearize_rule(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
struct nftnl_rule *r);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_chains(struct netlink_ctx *ctx, const struct handle *h);
|
|
Packit |
c5a612 |
extern struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
const struct nftnl_chain *nlc);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_tables(struct netlink_ctx *ctx, const struct handle *h);
|
|
Packit |
c5a612 |
extern struct table *netlink_delinearize_table(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
const struct nftnl_table *nlt);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_sets(struct netlink_ctx *ctx, const struct handle *h);
|
|
Packit |
c5a612 |
extern struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
const struct nftnl_set *nls);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern struct stmt *netlink_parse_set_expr(const struct set *set,
|
|
Packit |
c5a612 |
const struct nft_cache *cache,
|
|
Packit |
c5a612 |
const struct nftnl_expr *nle);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_setelems(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
const struct handle *h, struct set *set);
|
|
Packit |
c5a612 |
extern int netlink_get_setelem(struct netlink_ctx *ctx, const struct handle *h,
|
|
Packit |
c5a612 |
const struct location *loc, struct table *table,
|
|
Packit |
c5a612 |
struct set *set, struct expr *init);
|
|
Packit |
c5a612 |
extern int netlink_delinearize_setelem(struct nftnl_set_elem *nlse,
|
|
Packit |
c5a612 |
const struct set *set,
|
|
Packit |
c5a612 |
struct nft_cache *cache);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_objs(struct netlink_ctx *ctx, const struct handle *h);
|
|
Packit |
c5a612 |
extern int netlink_reset_objs(struct netlink_ctx *ctx, const struct cmd *cmd,
|
|
Packit |
c5a612 |
uint32_t type, bool dump);
|
|
Packit |
c5a612 |
extern struct obj *netlink_delinearize_obj(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
struct nftnl_obj *nlo);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_list_flowtables(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
const struct handle *h);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern void netlink_dump_chain(const struct nftnl_chain *nlc,
|
|
Packit |
c5a612 |
struct netlink_ctx *ctx);
|
|
Packit |
c5a612 |
extern void netlink_dump_rule(const struct nftnl_rule *nlr,
|
|
Packit |
c5a612 |
struct netlink_ctx *ctx);
|
|
Packit |
c5a612 |
extern void netlink_dump_expr(const struct nftnl_expr *nle,
|
|
Packit |
c5a612 |
FILE *fp, unsigned int debug_mask);
|
|
Packit |
c5a612 |
extern void netlink_dump_set(const struct nftnl_set *nls,
|
|
Packit |
c5a612 |
struct netlink_ctx *ctx);
|
|
Packit |
c5a612 |
extern void netlink_dump_obj(struct nftnl_obj *nlo, struct netlink_ctx *ctx);
|
|
Packit |
c5a612 |
extern void netlink_dump_flowtable(struct nftnl_flowtable *flo, struct netlink_ctx *ctx);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#define netlink_abi_error() \
|
|
Packit |
c5a612 |
__netlink_abi_error(__FILE__, __LINE__, strerror(errno));
|
|
Packit |
c5a612 |
extern void __noreturn __netlink_abi_error(const char *file, int line, const char *reason);
|
|
Packit |
c5a612 |
extern int netlink_io_error(struct netlink_ctx *ctx,
|
|
Packit |
c5a612 |
const struct location *loc, const char *fmt, ...);
|
|
Packit |
c5a612 |
#define netlink_init_error() \
|
|
Packit |
c5a612 |
__netlink_init_error(__FILE__, __LINE__, strerror(errno));
|
|
Packit |
c5a612 |
extern void __noreturn __netlink_init_error(const char *file, int line, const char *reason);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct netlink_mon_handler {
|
|
Packit |
c5a612 |
uint32_t monitor_flags;
|
|
Packit |
c5a612 |
uint32_t format;
|
|
Packit |
c5a612 |
struct netlink_ctx *ctx;
|
|
Packit |
c5a612 |
const struct location *loc;
|
|
Packit |
c5a612 |
unsigned int debug_mask;
|
|
Packit |
c5a612 |
struct nft_cache *cache;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
extern int netlink_monitor(struct netlink_mon_handler *monhandler,
|
|
Packit |
c5a612 |
struct mnl_socket *nf_sock);
|
|
Packit |
c5a612 |
int netlink_echo_callback(const struct nlmsghdr *nlh, void *data);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct ruleset_parse {
|
|
Packit |
c5a612 |
struct netlink_ctx *nl_ctx;
|
|
Packit |
c5a612 |
struct cmd *cmd;
|
|
Packit |
c5a612 |
};
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
struct nftnl_parse_ctx;
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
int netlink_events_trace_cb(const struct nlmsghdr *nlh, int type,
|
|
Packit |
c5a612 |
struct netlink_mon_handler *monh);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
enum nft_data_types dtype_map_to_kernel(const struct datatype *dtype);
|
|
Packit |
c5a612 |
const struct datatype *dtype_map_from_kernel(enum nft_data_types type);
|
|
Packit |
c5a612 |
|
|
Packit |
c5a612 |
#endif /* NFTABLES_NETLINK_H */
|