1/**
2 * ipset.h
3 *
4 * Author: Kevin Chou
5 * Email: k9982874@gmail.com
6 */
7#ifndef IPSET_H
8#define IPSET_H
9/** \file
10 *
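 * This file implements the ipset module.  For zones that are configured in
 * unbound.conf as type ipset (local-zone statements), it puts the A and
 * AAAA addresses from the answers into a firewall IP set, so that firewall
 * rules can match packets against them (blacklist and whitelist usage).
 * The set contents follow the DNS answers for those zones, so whoever
 * controls those answers controls which addresses the rules match.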
15 *
 * To use the ipset module, install the libmnl-dev (or libmnl-devel) package,
 * configure with --enable-ipset, and compile.  Then enable the ipset
 * module in unbound.conf with module-config: "ipset validator iterator",
 * create the set with ipset -N blacklist iphash, and add
 * local-zone: "example.com." ipset
 * statements for the zones where you want the addresses of the looked-up
 * names added to the set.
23 *
24 * Set the name of the set with
25 * ipset:
26 *   name-v4: "blacklist"
27 *   name-v6: "blacklist6"
 * in unbound.conf.  The set can be used in this way:
 *   iptables -A INPUT -m set --set blacklist src -j DROP
 *   ip6tables -A INPUT -m set --set blacklist6 src -j DROP
 * (newer iptables releases spell the match option --match-set instead
 * of --set).
31 */
32
33#include "util/module.h"
34
35#ifdef __cplusplus
36extern "C" {
37#endif
38
/**
 * Module-wide ipset state: an opaque handle plus, for each address family,
 * an enable flag and a set name.
 */
struct ipset_env {
	/**
	 * Opaque handle.  The module is built against libmnl (see the file
	 * comment), so this is presumably the libmnl netlink socket; the
	 * concrete type is not visible in this header -- confirm in ipset.c.
	 */
	void *mnl;

	/** Presumably nonzero when the IPv4 set is in use -- confirm. */
	int v4_enabled;
	/** Presumably nonzero when the IPv6 set is in use -- confirm. */
	int v6_enabled;

	/**
	 * Set names; presumably the name-v4 / name-v6 values from unbound.conf.
	 * NOTE(review): held as const char *, so this struct does not look
	 * like the owner of the strings.  Whoever owns them has to keep them
	 * alive for as long as this struct is used -- confirm the lifetime in
	 * ipset.c.
	 */
	const char *name_v4;
	const char *name_v6;
};
48
/**
 * Per-query state of the ipset module.  This header declares a single
 * placeholder member and nothing else.
 */
struct ipset_qstate {
	/**
	 * Given no meaning in this header; presumably present only so that
	 * the struct is not empty -- confirm against ipset.c.
	 */
	int dummy;
};
52
/**
 * Initialise the ipset module.
 * @param env: module environment.
 * @param id: module id; presumably this module's slot in the configured
 *	module list -- see util/module.h.
 * @return status as an int.  The success/failure convention comes from the
 *	module interface in util/module.h and is not visible in this header.
 */
int ipset_init(struct module_env *env, int id);

/**
 * Deinitialise the ipset module.
 * @param env: module environment.
 * @param id: module id.
 */
void ipset_deinit(struct module_env *env, int id);

/**
 * Operate on an event on a query (in qstate).
 * @param qstate: query state the event applies to.
 * @param event: the event to handle.
 * @param id: module id.
 * @param outbound: outbound entry passed along with the event; when it is
 *	set is defined by the module interface -- see util/module.h.
 */
void ipset_operate(struct module_qstate *qstate, enum module_ev event,
	int id, struct outbound_entry *outbound);

/**
 * A subordinate query is done; inform the super request of its conclusion.
 * @param qstate: query state of the finished subordinate query.
 * @param id: module id.
 * @param super: query state of the super request to inform.
 */
void ipset_inform_super(struct module_qstate *qstate, int id,
	struct module_qstate *super);

/**
 * Clear the ipset query-specific contents out of qstate.
 * @param qstate: query state to clear.
 * @param id: module id.
 */
void ipset_clear(struct module_qstate *qstate, int id);

/**
 * Report a memory estimate for the ipset module.
 * @param env: module environment.
 * @param id: module id.
 * @return the estimate as a size_t (presumably in bytes -- confirm).
 */
size_t ipset_get_mem(struct module_env *env, int id);

/**
 * Get the function block with pointers to the ipset functions.
 * @return the function block for "ipset".
 */
struct module_func_block *ipset_get_funcblock(void);
73
74#ifdef __cplusplus
75}
76#endif
77
78#endif /* IPSET_H */