/*
 * MiniUPnP project
 * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
 * (c) 2015 Tomofumi Hayashi
 *
 * This software is subject to the conditions detailed
 * in the LICENCE file provided within the distribution.
 */
9#include <sys/queue.h>
10
/* Table names used by this backend; the values are plain string literals. */
#define NFT_TABLE_NAT     "nat"     /* table name for NAT rules */
#define NFT_TABLE_FILTER  "filter"  /* table name for filter rules */
13
/*
 * Tag recording what kind of value a rule's register slot holds
 * (see reg1_type / reg2_type in rule_t).
 * The per-value notes are inferred from the enumerator names; confirm them
 * against the code that parses rule expressions.
 */
enum rule_reg_type {
	RULE_REG_NONE = 0,     /* nothing loaded */
	RULE_REG_IIF,          /* presumably the input interface */
	RULE_REG_OIF,          /* presumably the output interface */
	RULE_REG_IP_SRC_ADDR,  /* presumably the IP source address */
	RULE_REG_IP_DEST_ADDR, /* presumably the IP destination address */
	RULE_REG_IP_SD_ADDR,   /* source & dest */
	RULE_REG_IP_PROTO,     /* presumably the IP protocol number */
	RULE_REG_TCP_DPORT,    /* presumably the TCP destination port */
	RULE_REG_TCP_SD_PORT,  /* source & dest */
	RULE_REG_IMM_VAL,      /* presumably an immediate value */
	RULE_REG_MAX           /* one past the last real value; keep last */
};
27
/*
 * Classification stored in rule_t.type.
 * The per-value notes are inferred from the enumerator names; confirm them
 * against the code that assigns rule_t.type.
 */
enum rule_type {
	RULE_NONE = 0, /* not classified */
	RULE_NAT,      /* presumably a destination-NAT (redirect) rule */
	RULE_SNAT,     /* presumably a source-NAT rule */
	RULE_FILTER,   /* presumably a filter rule */
	RULE_COUNTER   /* presumably a counter-only rule */
};
35
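/*
 * In-memory record for one rule, linked into struct rule_list.
 *
 * Field notes marked "presumably" are inferred from the field names only;
 * confirm them against the code that fills the record in.
 *
 * NOTE(review): table, chain and desc are raw char pointers. This header does
 * not show who allocates or frees them, so confirm the ownership rules before
 * copying or releasing a rule_t. The byte order of the address and port
 * fields is not stated here either; confirm it before comparing them with
 * values taken from a request.
 */
typedef struct rule_ {
	/*
	 * List linkage. LIST_ENTRY(x) expands to pointers to "struct x", so the
	 * argument must be the struct tag (rule_), matching LIST_HEAD below,
	 * and not the typedef name rule_t.
	 */
	LIST_ENTRY(rule_) entry;
	char * table;            /* presumably the table name */
	char * chain;            /* presumably the chain name */
	uint64_t handle;         /* presumably the rule handle */
	enum rule_type type;     /* classification of this rule */
	uint32_t nat_type;
	uint32_t filter_action;
	uint32_t family;         /* presumably the address family */
	uint32_t ingress_ifidx;  /* presumably the input interface index */
	uint32_t egress_ifidx;   /* presumably the output interface index */
	in_addr_t eaddr;         /* presumably the external address */
	in_addr_t iaddr;         /* presumably the internal address */
	in_addr_t rhost;         /* presumably the remote host address */
	uint16_t eport;          /* presumably the external port */
	uint16_t iport;          /* presumably the internal port */
	uint16_t rport;          /* presumably the remote port */
	uint8_t proto;           /* presumably the IP protocol number */
	enum rule_reg_type reg1_type;  /* kind of value held in reg1_val */
	enum rule_reg_type reg2_type;  /* kind of value held in reg2_val */
	uint32_t reg1_val;
	uint32_t reg2_val;
	uint64_t packets;        /* presumably the packet counter */
	uint64_t bytes;          /* presumably the byte counter */
	char *desc;              /* presumably the rule description */
} rule_t;

/* Declares struct rule_list, a <sys/queue.h> list head of struct rule_. */
LIST_HEAD(rule_list, rule_);

/* The list head; defined in another translation unit. */
extern struct rule_list head;

/*
 * Arrays of rule_t pointers defined in another translation unit.
 * NOTE(review): this header exposes no element count for either array, so
 * any code indexing them needs the length from wherever they are allocated.
 */
extern rule_t **peer_cache;
extern rule_t **redirect_cache;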
67
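/*
 * Forward declaration, so that every prototype below refers to the same
 * file-scope type even when the header that defines struct nft_rule has not
 * been included first. Without it, the tag first appears inside the parameter
 * list of nft_send_request() and is scoped to that prototype only.
 */
struct nft_rule;

/*
 * Presumably submits rule with the command code cmd.
 * The meaning of the int return value and whether rule is consumed are not
 * visible in this header; confirm in the implementation.
 */
int
nft_send_request(struct nft_rule * rule, uint16_t cmd);

/*
 * Rule builders. Each returns a struct nft_rule pointer; whether NULL is
 * returned on failure and who releases the result are not visible here.
 *
 * NOTE(review): descr and handle are caller-supplied strings and ifname is a
 * caller-supplied interface name. No length limits are expressed in these
 * prototypes, so confirm that the implementations bound every copy.
 */

/*
 * Presumably builds a destination-NAT rule.
 * NOTE(review): iport is uint32_t here but unsigned short in rule_set_snat()
 * and rule_set_filter(), and rule_t.iport is uint16_t. Confirm that the
 * implementation rejects values above 65535 rather than truncating them.
 */
struct nft_rule *
rule_set_dnat(uint8_t family, const char * ifname, uint8_t proto,
	      in_addr_t rhost, unsigned short eport,
	      in_addr_t ihost, uint32_t iport,
	      const char *descr,
	      const char *handle);

/* Presumably builds a source-NAT rule. */
struct nft_rule *
rule_set_snat(uint8_t family, uint8_t proto,
	      in_addr_t rhost, unsigned short rport,
	      in_addr_t ehost, unsigned short eport,
	      in_addr_t ihost, unsigned short iport,
	      const char *descr,
	      const char *handle);

/* Presumably builds a filter rule. */
struct nft_rule *
rule_set_filter(uint8_t family, const char * ifname, uint8_t proto,
		in_addr_t rhost, in_addr_t iaddr, unsigned short eport,
		unsigned short iport, const char * descr, const char *handle);

/* Presumably builds the request that deletes r, identified by its handle. */
struct nft_rule *
rule_del_handle(rule_t *r);

/*
 * Presumably rebuilds the cached rule data for the given family.
 * The spelling "reflesh" is part of the public name and is kept for callers.
 */
void
reflesh_nft_cache(uint32_t family);

/* Presumably prints the contents of r. */
void print_rule(rule_t *r);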
92