Monero
nftnlrdr_misc.h
Go to the documentation of this file.
1 /*
2  * MiniUPnP project
3  * http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
4  * (c) 2015 Tomofumi Hayashi
5  * (c) 2019 Paul Chambers
6  * (c) 2020 Thomas Bernard
7  *
8  * This software is subject to the conditions detailed
9  * in the LICENCE file provided within the distribution.
10  */
11 #include <sys/queue.h>
12 
13 extern const char * nft_table;
14 extern const char * nft_prerouting_chain;
15 extern const char * nft_postrouting_chain;
16 extern const char * nft_forward_chain;
17 
18 #define NFT_DESCR_SIZE 1024
19 
20 enum rule_reg_type {
21  RULE_REG_NONE,
22  RULE_REG_IIF,
23  RULE_REG_OIF,
24  RULE_REG_IP_SRC_ADDR,
25  RULE_REG_IP_DEST_ADDR,
26  RULE_REG_IP_SD_ADDR, /* source & dest */
27  RULE_REG_IP6_SRC_ADDR,
28  RULE_REG_IP6_DEST_ADDR,
29  RULE_REG_IP6_SD_ADDR, /* source & dest */
30  RULE_REG_IP_PROTO,
31  RULE_REG_IP6_PROTO,
32  RULE_REG_TCP_DPORT,
33  RULE_REG_TCP_SD_PORT, /* source & dest */
34  RULE_REG_IMM_VAL, /* immediate */
35  RULE_REG_MAX,
36 };
37 
38 enum rule_type {
39  RULE_NONE,
40  RULE_NAT,
41  RULE_FILTER,
42  RULE_COUNTER,
43 };
44 
45 enum rule_chain_type {
46  RULE_CHAIN_FILTER,
47  RULE_CHAIN_PEER,
48  RULE_CHAIN_REDIRECT,
49 };
50 
51 typedef struct rule_t {
52  LIST_ENTRY(rule_t) entry;
53  char * table;
54  char * chain;
55  uint64_t handle;
56  enum rule_type type;
57  uint32_t nat_type;
58  uint32_t filter_action;
59  uint32_t family;
60  uint32_t ingress_ifidx;
61  uint32_t egress_ifidx;
62  in_addr_t eaddr;
63  in_addr_t iaddr;
64  in_addr_t rhost;
65  struct in6_addr iaddr6;
66  struct in6_addr rhost6;
67  uint16_t eport;
68  uint16_t iport;
69  uint16_t rport;
70  uint8_t proto;
71  enum rule_reg_type reg1_type;
72  enum rule_reg_type reg2_type;
73  uint32_t reg1_val;
74  uint32_t reg2_val;
75  uint64_t packets;
76  uint64_t bytes;
77  char * desc;
78  uint32_t desc_len;
79 } rule_t;
80 
81 LIST_HEAD(rule_list, rule_t);
82 extern struct rule_list head_filter;
83 extern struct rule_list head_redirect;
84 extern struct rule_list head_peer;
85 
88 int
89 nft_mnl_connect(void);
90 
92 void
93 nft_mnl_disconnect(void);
94 
95 #ifdef DEBUG
96 void
97 print_rule(const char *func, int line, const struct nftnl_rule *rule);
98 
99 void
100 print_redirect_rules(const char * ifname);
101 
102 #define debug_rule(rule) do { print_rule(__func__, __LINE__, rule); } while (0)
103 
104 #else
105 #define debug_rule(rule)
106 #endif
107 
108 int
109 nft_send_rule(struct nftnl_rule * rule, uint16_t cmd, enum rule_chain_type type);
110 struct nftnl_rule *
111 rule_set_dnat(uint8_t family, const char * ifname, uint8_t proto,
112  in_addr_t rhost, unsigned short eport,
113  in_addr_t ihost, uint32_t iport,
114  const char *descr,
115  const char *handle);
116 struct nftnl_rule *
117 rule_set_snat(uint8_t family, uint8_t proto,
118  in_addr_t rhost, unsigned short rport,
119  in_addr_t ehost, unsigned short eport,
120  in_addr_t ihost, unsigned short iport,
121  const char *descr,
122  const char *handle);
123 struct nftnl_rule *
124 rule_set_filter(uint8_t family, const char * ifname, uint8_t proto,
125  in_addr_t rhost, in_addr_t iaddr,
126  unsigned short eport, unsigned short iport,
127  unsigned short rport, const char * descr, const char *handle);
128 struct nftnl_rule *
129 rule_set_filter6(uint8_t family, const char * ifname, uint8_t proto,
130  struct in6_addr *rhost6, struct in6_addr *iaddr6,
131  unsigned short eport, unsigned short iport,
132  unsigned short rport, const char *descr, const char *handle);
133 struct nftnl_rule *
134 rule_set_filter_common(struct nftnl_rule *r, uint8_t family, const char * ifname,
135  uint8_t proto, unsigned short eport, unsigned short iport,
136  unsigned short rport, const char *descr, const char *handle);
137 struct nftnl_rule *rule_del_handle(rule_t *r);
138 int refresh_nft_cache_filter(void);
139 int refresh_nft_cache_redirect(void);
140 int refresh_nft_cache_peer(void);
141 int refresh_nft_cache(struct rule_list *head, const char *table, const char *chain, uint32_t family, enum rule_type type);
142 
143 int
144 table_op(enum nf_tables_msg_types op, uint16_t family, const char * name);
145 int
146 chain_op(enum nf_tables_msg_types op, uint16_t family, const char * table,
147  const char * name, const char * type, uint32_t hooknum, signed int priority );
148 
149 struct mnl_nlmsg_batch *
150 start_batch( char *buf, size_t buf_size);
151 int
152 send_batch(struct mnl_nlmsg_batch * batch);
rule_t::desc
char * desc
Definition: nftnlrdr_misc.h:77
nft_mnl_connect
int nft_mnl_connect(void)
Definition: nftnlrdr_misc.c:91
RULE_CHAIN_FILTER
Definition: nftnlrdr_misc.h:46
rule_t::reg1_type
enum rule_reg_type reg1_type
Definition: nftnlrdr_misc.h:71
nft_forward_chain
const char * nft_forward_chain
Definition: nftnlrdr_misc.c:69
rule_t::chain
char * chain
Definition: nftnlrdr_misc.h:54
rule_t::type
enum rule_type type
Definition: nftnlrdr_misc.h:56
RULE_FILTER
Definition: nftnlrdr_misc.h:41
RULE_REG_IP_PROTO
Definition: nftnlrdr_misc.h:30
rule_t::rport
uint16_t rport
Definition: nftnlrdr_misc.h:69
nft_mnl_disconnect
void nft_mnl_disconnect(void)
Definition: nftnlrdr_misc.c:108
rule_t::proto
uint8_t proto
Definition: nftnlrdr_misc.h:70
ifname
static const char * ifname
Definition: testipfwrdr.c:17
start_batch
struct mnl_nlmsg_batch * start_batch(char *buf, size_t buf_size)
Definition: nftnlrdr_misc.c:1337
RULE_REG_IP_DEST_ADDR
Definition: nftnlrdr_misc.h:25
RULE_REG_IMM_VAL
Definition: nftnlrdr_misc.h:34
refresh_nft_cache
int refresh_nft_cache(struct rule_list *head, const char *table, const char *chain, uint32_t family, enum rule_type type)
Definition: nftnlrdr_misc.c:677
rule_set_dnat
struct nftnl_rule * rule_set_dnat(uint8_t family, const char *ifname, uint8_t proto, in_addr_t rhost, unsigned short eport, in_addr_t ihost, uint32_t iport, const char *descr, const char *handle)
Definition: nftnlrdr_misc.c:938
rule_t::bytes
uint64_t bytes
Definition: nftnlrdr_misc.h:76
rule_t::iaddr6
struct in6_addr iaddr6
Definition: nftnlrdr_misc.h:65
rule_t::rhost6
struct in6_addr rhost6
Definition: nftnlrdr_misc.h:66
send_batch
int send_batch(struct mnl_nlmsg_batch *batch)
Definition: nftnlrdr_misc.c:1366
pymoduletest.proto
string proto
Definition: pymoduletest.py:71
rule_t
Definition: nftnlrdr_misc.h:51
chain_op
int chain_op(enum nf_tables_msg_types op, uint16_t family, const char *table, const char *name, const char *type, uint32_t hooknum, signed int priority)
Definition: nftnlrdr_misc.c:1276
RULE_REG_IIF
Definition: nftnlrdr_misc.h:22
rule_t::table
char * table
Definition: nftnlrdr_misc.h:53
RULE_NAT
Definition: nftnlrdr_misc.h:40
RULE_REG_IP6_PROTO
Definition: nftnlrdr_misc.h:31
randomx::ExecutionPort::type
int type
Definition: superscalar.cpp:50
uint16_t
unsigned short uint16_t
Definition: stdint.h:125
rule_t::iaddr
in_addr_t iaddr
Definition: nftnlrdr_misc.h:63
RULE_REG_IP_SD_ADDR
Definition: nftnlrdr_misc.h:26
refresh_nft_cache_redirect
int refresh_nft_cache_redirect(void)
Definition: nftnlrdr_misc.c:640
refresh_nft_cache_peer
int refresh_nft_cache_peer(void)
Definition: nftnlrdr_misc.c:629
rule_t::iport
uint16_t iport
Definition: nftnlrdr_misc.h:68
refresh_nft_cache_filter
int refresh_nft_cache_filter(void)
Definition: nftnlrdr_misc.c:618
uint8_t
unsigned char uint8_t
Definition: stdint.h:124
RULE_REG_IP6_SRC_ADDR
Definition: nftnlrdr_misc.h:27
nft_postrouting_chain
const char * nft_postrouting_chain
Definition: nftnlrdr_misc.c:68
rule_t::LIST_ENTRY
LIST_ENTRY(rule_t) entry
rule_t::filter_action
uint32_t filter_action
Definition: nftnlrdr_misc.h:58
rule_t::nat_type
uint32_t nat_type
Definition: nftnlrdr_misc.h:57
RULE_REG_OIF
Definition: nftnlrdr_misc.h:23
head_peer
struct rule_list head_peer
Definition: nftnlrdr_misc.c:80
rule_t::eport
uint16_t eport
Definition: nftnlrdr_misc.h:67
rule_del_handle
struct nftnl_rule * rule_del_handle(rule_t *r)
Definition: nftnlrdr_misc.c:1151
rule_chain_type
rule_chain_type
Definition: nftnlrdr_misc.h:45
RULE_CHAIN_PEER
Definition: nftnlrdr_misc.h:47
nft_prerouting_chain
const char * nft_prerouting_chain
Definition: nftnlrdr_misc.c:67
functional_tests_rpc.cmd
cmd
Definition: functional_tests_rpc.py:143
head_filter
struct rule_list head_filter
Definition: nftnlrdr_misc.c:76
rule_t::reg2_val
uint32_t reg2_val
Definition: nftnlrdr_misc.h:74
LIST_HEAD
LIST_HEAD(rule_list, rule_t)
RULE_COUNTER
Definition: nftnlrdr_misc.h:42
rule_t
struct rule_t rule_t
uint32_t
unsigned int uint32_t
Definition: stdint.h:126
RULE_REG_NONE
Definition: nftnlrdr_misc.h:21
rule_t::eaddr
in_addr_t eaddr
Definition: nftnlrdr_misc.h:62
uint64_t
unsigned __int64 uint64_t
Definition: stdint.h:136
nft_send_rule
int nft_send_rule(struct nftnl_rule *rule, uint16_t cmd, enum rule_chain_type type)
Definition: nftnlrdr_misc.c:1187
rule_type
rule_type
Definition: nftnlrdr_misc.h:38
rule_reg_type
rule_reg_type
Definition: nftnlrdr_misc.h:20
buf
const char * buf
Definition: slow_memmem.cpp:73
table_op
int table_op(enum nf_tables_msg_types op, uint16_t family, const char *name)
Definition: nftnlrdr_misc.c:1228
head_redirect
struct rule_list head_redirect
Definition: nftnlrdr_misc.c:78
rule_t::desc_len
uint32_t desc_len
Definition: nftnlrdr_misc.h:78
rule_t::reg2_type
enum rule_reg_type reg2_type
Definition: nftnlrdr_misc.h:72
testupnpigd.r
r
Definition: testupnpigd.py:61
descr
const char * descr
Definition: cpu_power_test.cpp:29
RULE_REG_MAX
Definition: nftnlrdr_misc.h:35
rule_t::family
uint32_t family
Definition: nftnlrdr_misc.h:59
rule_set_filter
struct nftnl_rule * rule_set_filter(uint8_t family, const char *ifname, uint8_t proto, in_addr_t rhost, in_addr_t iaddr, unsigned short eport, unsigned short iport, unsigned short rport, const char *descr, const char *handle)
Definition: nftnlrdr_misc.c:1010
rule_set_filter_common
struct nftnl_rule * rule_set_filter_common(struct nftnl_rule *r, uint8_t family, const char *ifname, uint8_t proto, unsigned short eport, unsigned short iport, unsigned short rport, const char *descr, const char *handle)
Definition: nftnlrdr_misc.c:1093
rule_t::reg1_val
uint32_t reg1_val
Definition: nftnlrdr_misc.h:73
rule_set_filter6
struct nftnl_rule * rule_set_filter6(uint8_t family, const char *ifname, uint8_t proto, struct in6_addr *rhost6, struct in6_addr *iaddr6, unsigned short eport, unsigned short iport, unsigned short rport, const char *descr, const char *handle)
Definition: nftnlrdr_misc.c:1052
rule_t::rhost
in_addr_t rhost
Definition: nftnlrdr_misc.h:64
rule_set_snat
struct nftnl_rule * rule_set_snat(uint8_t family, uint8_t proto, in_addr_t rhost, unsigned short rport, in_addr_t ehost, unsigned short eport, in_addr_t ihost, unsigned short iport, const char *descr, const char *handle)
Definition: nftnlrdr_misc.c:862
rule_t::egress_ifidx
uint32_t egress_ifidx
Definition: nftnlrdr_misc.h:61
RULE_REG_TCP_DPORT
Definition: nftnlrdr_misc.h:32
RULE_REG_IP6_DEST_ADDR
Definition: nftnlrdr_misc.h:28
el::base::priority
static int priority(Level level)
Definition: easylogging++.cc:2128
name
const char * name
Definition: options.c:30
RULE_REG_IP6_SD_ADDR
Definition: nftnlrdr_misc.h:29
nft_table
const char * nft_table
Definition: nftnlrdr_misc.c:66
check.line
line
Definition: check.py:23
rule_t::handle
uint64_t handle
Definition: nftnlrdr_misc.h:55
RULE_NONE
Definition: nftnlrdr_misc.h:39
RULE_REG_IP_SRC_ADDR
Definition: nftnlrdr_misc.h:24
RULE_REG_TCP_SD_PORT
Definition: nftnlrdr_misc.h:33
RULE_CHAIN_REDIRECT
Definition: nftnlrdr_misc.h:48
rule_t::packets
uint64_t packets
Definition: nftnlrdr_misc.h:75
testupnpigd.eport
eport
Definition: testupnpigd.py:58
rule_t::ingress_ifidx
uint32_t ingress_ifidx
Definition: nftnlrdr_misc.h:60
Generated on Sun Oct 12 2025 12:00:00 for Monero by   doxygen 1.8.14