GitHub Repository: freebsd/freebsd-src
Path: blob/main/contrib/unbound/ipset/ipset.h
/**
* ipset.h
*
* Author: Kevin Chou
* Email: [email protected]
*/
#ifndef IPSET_H
#define IPSET_H
/** \file
 *
 * This file implements the ipset module. The module takes the A and AAAA
 * addresses looked up for names in zones that are configured in
 * unbound.conf as type ipset (local-zone statements) and puts them into a
 * firewall rule IPSet, for firewall blacklist and whitelist usage.
 *
 * To use the IPset module, install the libmnl-dev (or libmnl-devel) package,
 * configure with --enable-ipset, and compile. Then enable the ipset
 * module in unbound.conf with module-config: "ipset validator iterator",
 * create the set with ipset -N blacklist iphash, and add
 *	local-zone: "example.com." ipset
 * statements for the zones where you want the addresses of the names
 * looked up added to the set.
 *
 * Set the name of the set with
 *	ipset:
 *		name-v4: "blacklist"
 *		name-v6: "blacklist6"
 * in unbound.conf. The set can be used in this way:
 *	iptables -A INPUT -m set --set blacklist src -j DROP
 *	ip6tables -A INPUT -m set --set blacklist6 src -j DROP
 * (Recent iptables releases name this option --match-set; --set is the
 * older spelling.)
 *
 * Because set membership follows the DNS answers for those zones, firewall
 * rules that match on the set are only as trustworthy as the answers the
 * resolver accepts; keep this in mind in particular for whitelist usage.
 */
#include "util/module.h"
#ifdef __cplusplus
extern "C" {
#endif
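/**
 * Environment of the ipset module.
 *
 * The listing interleaved bare line-number residue with the members, which
 * is not valid C; the declaration below is the same struct without it.
 */
struct ipset_env {
	/* Opaque backend handle; its concrete type is not visible in this
	 * header. Presumably the libmnl netlink socket implied by the file
	 * comment's libmnl requirement -- confirm in ipset.c. */
	void* dev;

	/* Per-address-family switches. Presumably nonzero when the matching
	 * set name is configured -- confirm in ipset.c. */
	int v4_enabled;
	int v6_enabled;

	/* Names of the sets to add addresses to; presumably the name-v4 and
	 * name-v6 values of the ipset: clause in unbound.conf.
	 * NOTE(review): ownership and lifetime of these strings are not
	 * visible here; the const only says they are not written through
	 * this struct. */
	const char *name_v4;
	const char *name_v6;
};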
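/**
 * Per-query state of the ipset module.
 *
 * Only a placeholder member is declared; no per-query data is kept in this
 * struct as written. The listing's interleaved line-number residue, which
 * made the declaration invalid C, is removed.
 */
struct ipset_qstate {
	/* Placeholder so the struct is not empty (an empty struct is not
	 * valid ISO C). */
	int dummy;
};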
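/*
 * Module entry points. The listing interleaved bare line-number residue with
 * these prototypes, which is not valid C; the declarations below are the
 * same prototypes without it.
 *
 * NOTE(review): the module updates a kernel firewall set, so the privileges
 * the process holds when the backend handle (ipset_env.dev) is opened
 * matter; which of startup/init opens it is not visible in this header --
 * confirm in ipset.c.
 */

/**
 * Startup the ipset module.
 * @param env: module environment.
 * @param id: module id.
 * @return status as int; the success/failure convention is not visible in
 *	this header (presumably nonzero on success -- confirm in ipset.c).
 */
int ipset_startup(struct module_env* env, int id);

/**
 * Destartup the ipset module; presumably undoes ipset_startup.
 * @param env: module environment.
 * @param id: module id.
 */
void ipset_destartup(struct module_env* env, int id);

/**
 * Init the ipset module.
 * @param env: module environment.
 * @param id: module id.
 * @return status as int; the success/failure convention is not visible in
 *	this header (presumably nonzero on success -- confirm in ipset.c).
 */
int ipset_init(struct module_env* env, int id);

/**
 * Deinit the ipset module; presumably undoes ipset_init.
 * @param env: module environment.
 * @param id: module id.
 */
void ipset_deinit(struct module_env* env, int id);

/**
 * Operate on an event on a query (in qstate).
 * @param qstate: query state the event applies to.
 * @param event: the module event to handle.
 * @param id: module id.
 * @param outbound: outbound entry associated with the event; whether it may
 *	be NULL is not visible here -- confirm in util/module.h.
 */
void ipset_operate(struct module_qstate* qstate, enum module_ev event,
	int id, struct outbound_entry* outbound);

/**
 * Subordinate query done, inform this super request of its conclusion.
 * @param qstate: query state of the finished subordinate query.
 * @param id: module id.
 * @param super: query state of the super request being informed.
 */
void ipset_inform_super(struct module_qstate* qstate, int id,
	struct module_qstate* super);

/**
 * Clear the ipset query-specific contents out of qstate.
 * @param qstate: query state to clear.
 * @param id: module id.
 */
void ipset_clear(struct module_qstate* qstate, int id);

/**
 * Return memory estimate for ipset module.
 * @param env: module environment.
 * @param id: module id.
 * @return the estimate as size_t (presumably in bytes -- confirm in ipset.c).
 */
size_t ipset_get_mem(struct module_env* env, int id);

/**
 * Get the function block with pointers to the ipset functions
 * @return the function block for "ipset".
 */
struct module_func_block* ipset_get_funcblock(void);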
#ifdef __cplusplus
}
#endif
#endif /* IPSET_H */