authorRich Fought <Rich.Fought@watchguard.com>2012-10-05 06:55:04 -0700
committerRich Fought <Rich.Fought@watchguard.com>2012-10-05 06:55:04 -0700
commit40457db1f458795de4529973a1bd8386e948cfe3 (patch)
tree57501cd2e6e1267b87b7c33bfa5d5f76c92cba45 /include
parentce72837c90a6adf750bee9e2cb2cb30e65ee3fb1 (diff)
downloadlibnl-40457db1f458795de4529973a1bd8386e948cfe3.tar.gz
Exp checkpoint
Diffstat (limited to 'include')
-rw-r--r--include/netlink-types.h22
-rw-r--r--include/netlink/netfilter/exp.h145
2 files changed, 167 insertions, 0 deletions
diff --git a/include/netlink-types.h b/include/netlink-types.h
index 2e80b05..aeba518 100644
--- a/include/netlink-types.h
+++ b/include/netlink-types.h
@@ -779,6 +779,28 @@ struct nfnl_ct {
struct nfnl_ct_dir ct_repl;
};
+struct nfnl_exp {
+ NLHDR_COMMON
+
+ uint8_t exp_family; // IPv4, IPv6, etc - required
+ uint8_t exp_proto; // tcp, udp, etc - required
+ union nfnl_ct_protoinfo exp_protoinfo; // ??? Assured, etc?
+
+ uint32_t exp_timeout; // required afaik
+ uint32_t exp_id; // optional
+ uint16_t exp_zone; // optional
+ uint32_t exp_class; // optional
+ uint32_t exp_flags; // optional
+ char * exp_helper_name; //optional
+ char * exp_fn; //optional
+ uint8_t exp_nat_dir; // optional
+
+ struct nfnl_ct_dir exp_expect; // required
+ struct nfnl_ct_dir exp_master; // required
+ struct nfnl_ct_dir exp_mask; // required
+ struct nfnl_ct_dir exp_nat; // optional
+};
+
struct nfnl_log {
NLHDR_COMMON
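Review bot: `exp_helper_name` and `exp_fn` are raw `char *` members of `struct nfnl_exp`, and nothing in this hunk says who allocates or frees them. libnl objects are cloned by copying the struct and then calling the type's clone handler, so unless that handler duplicates both strings, a cloned expectation would share the pointers with its source and releasing both objects would free them twice. The handlers are outside this diff, which is limited to `include`, so this needs checking in the implementation file. I would document the contract on both members, e.g. `/* owned by the object: duplicated on set and on clone, freed when the object is released */`. The open question in `// ??? Assured, etc?` on `exp_protoinfo` should also be settled before callers depend on the layout.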
diff --git a/include/netlink/netfilter/exp.h b/include/netlink/netfilter/exp.h
new file mode 100644
index 0000000..36a28e5
--- /dev/null
+++ b/include/netlink/netfilter/exp.h
@@ -0,0 +1,145 @@
+/*
+ * netlink/netfilter/exp.h Conntrack Expectation
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation version 2.1
+ * of the License.
+ *
+ * Copyright (c) 2003-2008 Thomas Graf <tgraf@suug.ch>
+ * Copyright (c) 2007 Philip Craig <philipc@snapgear.com>
+ * Copyright (c) 2007 Secure Computing Corporation
+ */
+
+#ifndef NETLINK_EXP_H_
+#define NETLINK_EXP_H_
+
+#include <netlink/netlink.h>
+#include <netlink/addr.h>
+#include <netlink/cache.h>
+#include <netlink/msg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct nfnl_exp;
+
+enum nfnl_exp_tuples {
+ NFNL_EXP_EXPECT,
+ NFNL_EXP_MASTER,
+ NFNL_EXP_MASK,
+ NFNL_EXP_NAT
+};
+
+extern struct nl_object_ops exp_obj_ops;
+
+extern struct nfnl_exp * nfnl_exp_alloc(void);
+extern int nfnl_exp_alloc_cache(struct nl_sock *, struct nl_cache **);
+
+extern int nfnlmsg_exp_group(struct nlmsghdr *);
+extern int nfnlmsg_exp_parse(struct nlmsghdr *, struct nfnl_exp **);
+
+extern void nfnl_exp_get(struct nfnl_exp *);
+extern void nfnl_exp_put(struct nfnl_exp *);
+
+extern int nfnl_exp_dump_request(struct nl_sock *);
+
+extern int nfnl_exp_build_add_request(const struct nfnl_exp *, int,
+ struct nl_msg **);
+extern int nfnl_exp_add(struct nl_sock *, const struct nfnl_exp *, int);
+
+extern int nfnl_exp_build_delete_request(const struct nfnl_exp *, int,
+ struct nl_msg **);
+extern int nfnl_exp_del(struct nl_sock *, const struct nfnl_exp *, int);
+
+extern int nfnl_exp_build_query_request(const struct nfnl_exp *, int,
+ struct nl_msg **);
+extern int nfnl_exp_query(struct nl_sock *, const struct nfnl_exp *, int);
+
+extern void nfnl_exp_set_family(struct nfnl_exp *, uint8_t);
+extern uint8_t nfnl_exp_get_family(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_proto(struct nfnl_exp *, uint8_t);
+extern int nfnl_exp_test_proto(const struct nfnl_exp *);
+extern uint8_t nfnl_exp_get_proto(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_timeout(struct nfnl_exp *, uint32_t);
+extern int nfnl_exp_test_timeout(const struct nfnl_exp *);
+extern uint32_t nfnl_exp_get_timeout(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_id(struct nfnl_exp *, uint32_t);
+extern int nfnl_exp_test_id(const struct nfnl_exp *);
+extern uint32_t nfnl_exp_get_id(const struct nfnl_exp *);
+
+extern int nfnl_exp_set_helper_name(struct nfnl_exp *, void *);
+extern int nfnl_exp_test_helper_name(const struct nfnl_exp *);
+extern const char * nfnl_exp_get_helper_name(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_zone(struct nfnl_exp *, uint16_t);
+extern int nfnl_exp_test_zone(const struct nfnl_exp *);
+extern uint16_t nfnl_exp_get_zone(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_class(struct nfnl_exp *, uint32_t);
+extern int nfnl_exp_test_class(const struct nfnl_exp *);
+extern uint32_t nfnl_exp_get_class(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_flags(struct nfnl_exp *, uint32_t);
+extern int nfnl_exp_test_flags(const struct nfnl_exp *);
+extern uint32_t nfnl_exp_get_flags(const struct nfnl_exp *);
+
+extern int nfnl_exp_set_fn(struct nfnl_exp *, void *);
+extern int nfnl_exp_test_fn(const struct nfnl_exp *);
+extern const char * nfnl_exp_get_fn(const struct nfnl_exp *);
+
+extern void nfnl_exp_set_nat_dir(struct nfnl_exp *, int, uint8_t);
+extern int nfnl_exp_test_nat_dir(const struct nfnl_exp *, int);
+extern uint8_t nfnl_exp_get_nat_dir(const struct nfnl_exp *, int);
+
+// The int argument specifies which nfnl_ct_dir (expect, master, mask or nat)
+// Expectation objects only use orig, not reply
+extern int nfnl_exp_test_tuple(const struct nfnl_exp *, int);
+
+extern int nfnl_exp_set_src(struct nfnl_exp *, int, struct nl_addr *);
+extern struct nl_addr * nfnl_ct_get_src(const struct nfnl_exp *, int);
+
+extern int nfnl_exp_set_dst(struct nfnl_exp *, int, struct nl_addr *);
+extern struct nl_addr * nfnl_exp_get_dst(const struct nfnl_exp *, int);
+
+extern int nfnl_exp_set_l4proto(struct nfnl_exp *, int, uint8_t);
+extern int nfnl_exp_test_l4proto(const struct nfnl_exp *);
+extern struct uint8_t * nfnl_exp_get_l4proto(const struct nfnl_exp *, int);
+
+extern void nfnl_exp_set_src_port(struct nfnl_exp *, int, uint16_t);
+extern uint16_t nfnl_exp_get_src_port(const struct nfnl_exp *, int);
+
+extern void nfnl_exp_set_dst_port(struct nfnl_exp *, int, uint16_t);
+extern uint16_t nfnl_exp_get_dst_port(const struct nfnl_exp *, int);
+
+extern void nfnl_exp_set_icmp_id(struct nfnl_exp *, int, uint16_t);
+extern uint16_t nfnl_exp_get_icmp_id(const struct nfnl_exp *, int);
+
+extern void nfnl_exp_set_icmp_type(struct nfnl_exp *, int, uint8_t);
+extern uint8_t nfnl_exp_get_icmp_type(const struct nfnl_exp *, int);
+
+extern void nfnl_exp_set_icmp_code(struct nfnl_exp *, int, uint8_t);
+extern uint8_t nfnl_exp_get_icmp_code(const struct nfnl_exp *, int);
+
+// TODO: Expectation table does support CPU stats get command, not sure if the same
+/*
+extern void nfnl_ct_set_packets(struct nfnl_ct *, int, uint64_t);
+extern int nfnl_ct_test_packets(const struct nfnl_ct *, int);
+extern uint64_t nfnl_ct_get_packets(const struct nfnl_ct *,int);
+
+extern void nfnl_ct_set_bytes(struct nfnl_ct *, int, uint64_t);
+extern int nfnl_ct_test_bytes(const struct nfnl_ct *, int);
+extern uint64_t nfnl_ct_get_bytes(const struct nfnl_ct *, int);
+*/
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
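Review bot: Two prototypes in the new header are mistyped and will break the first caller that uses them. `nfnl_ct_get_src(const struct nfnl_exp *, int)` in the src/dst group carries the conntrack prefix, so the expectation getter is never declared, and if ct.h declares the same name for `struct nfnl_ct`, including both headers gives conflicting declarations; it should read `extern struct nl_addr * nfnl_exp_get_src(const struct nfnl_exp *, int);`. The return type `struct uint8_t *` on `nfnl_exp_get_l4proto` names an incomplete struct rather than the integer type; by analogy with the other getters it presumably should be `extern uint8_t nfnl_exp_get_l4proto(const struct nfnl_exp *, int);`. `nfnl_exp_set_helper_name` and `nfnl_exp_set_fn` take `void *` while their getters return `const char *`, so declaring the parameter as `const char *` would let the compiler reject non-string arguments. `nfnl_exp_test_l4proto` also lacks the tuple argument that its set/get siblings take.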