Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

Open Menu /contrib/unbound/ipset/ipset.h 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
/**
 * ipset.h
 *
 * Author: Kevin Chou
 * Email: k9982874@gmail.com
 */
#ifndef IPSET_H
#define IPSET_H
/** \file
 *
 * This file implements the ipset module.  It can handle packets by putting
 * the A and AAAA addresses that are configured in unbound.conf as type
 * ipset (local-zone statements) into a firewall rule IPSet.  For firewall
 * blacklist and whitelist usage.
 *
 * To use the IPset module, install the libmnl-dev (or libmnl-devel) package
 * and configure with --enable-ipset.  And compile.  Then enable the ipset
 * module in unbound.conf with module-config: "ipset validator iterator"
 * then create it with ipset -N blacklist iphash and then add
 * local-zone: "example.com." ipset
 * statements for the zones where you want the addresses of the names
 * looked up added to the set.
 *
 * Set the name of the set with
 * ipset:
 *   name-v4: "blacklist"
 *   name-v6: "blacklist6"
 * in unbound.conf.  The set can be used in this way:
 *   iptables -A INPUT -m set --set blacklist src -j DROP
 *   ip6tables -A INPUT -m set --set blacklist6 src -j DROP
 */

#include "util/module.h"

#ifdef __cplusplus
extern "C" {
#endif

struct ipset_env {
    void* mnl;

	int v4_enabled;
	int v6_enabled;

	const char *name_v4;
	const char *name_v6;
};

struct ipset_qstate {
	int dummy;
};

/** Init the ipset module */
int ipset_init(struct module_env* env, int id);
/** Deinit the ipset module */
void ipset_deinit(struct module_env* env, int id);
/** Operate on an event on a query (in qstate). */
void ipset_operate(struct module_qstate* qstate, enum module_ev event,
	int id, struct outbound_entry* outbound);
/** Subordinate query done, inform this super request of its conclusion */
void ipset_inform_super(struct module_qstate* qstate, int id,
	struct module_qstate* super);
/** clear the ipset query-specific contents out of qstate */
void ipset_clear(struct module_qstate* qstate, int id);
/** return memory estimate for ipset module */
size_t ipset_get_mem(struct module_env* env, int id);

/**
 * Get the function block with pointers to the ipset functions
 * @return the function block for "ipset".
 */
struct module_func_block* ipset_get_funcblock(void);

#ifdef __cplusplus
}
#endif

#endif /* IPSET_H */