/*
* firewall3 - 3rd OpenWrt UCI firewall implementation
*
- * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
+ * Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
#ifndef __FW3_IPSETS_H
#define __FW3_IPSETS_H
+#include <linux/netfilter/ipset/ip_set.h>
+
#include "options.h"
#include "utils.h"
-enum fw3_ipset_opts {
- FW3_IPSET_OPT_IPRANGE = (1 << 0),
- FW3_IPSET_OPT_PORTRANGE = (1 << 1),
- FW3_IPSET_OPT_NETMASK = (1 << 2),
- FW3_IPSET_OPT_HASHSIZE = (1 << 3),
- FW3_IPSET_OPT_MAXELEM = (1 << 4),
- FW3_IPSET_OPT_FAMILY = (1 << 5),
-};
-struct fw3_ipset_settype {
- enum fw3_ipset_method method;
- uint32_t types;
- uint8_t required;
- uint8_t optional;
-};
+extern const struct fw3_option fw3_ipset_opts[];
struct fw3_ipset * fw3_alloc_ipset(void);
void fw3_load_ipsets(struct fw3_state *state, struct uci_package *p);
void fw3_create_ipsets(struct fw3_state *state);
void fw3_destroy_ipsets(struct fw3_state *state);
-void fw3_free_ipset(struct fw3_ipset *ipset);
+struct fw3_ipset * fw3_lookup_ipset(struct fw3_state *state, const char *name);
+
+bool fw3_check_ipset(struct fw3_ipset *set);
+
+#define fw3_free_ipset(ipset) \
+ fw3_free_object(ipset, fw3_ipset_opts)
+
+
+#ifndef SO_IP_SET
+
+#define SO_IP_SET 83
+#define IPSET_MAXNAMELEN 32
+#define IPSET_INVALID_ID 65535
+
+union ip_set_name_index {
+ char name[IPSET_MAXNAMELEN];
+ uint16_t index;
+};
+
+#define IP_SET_OP_GET_BYNAME 0x00000006
+struct ip_set_req_get_set {
+ uint32_t op;
+ uint32_t version;
+ union ip_set_name_index set;
+};
+
+#define IP_SET_OP_VERSION 0x00000100
+struct ip_set_req_version {
+ uint32_t op;
+ uint32_t version;
+};
-struct fw3_ipset * fw3_lookup_ipset(struct fw3_state *state, const char *name,
- bool running);
+#endif /* SO_IP_SET */
#endif
projects / project / firewall3.git / blobdiff