      1 /**
      2  * ipset.h
      3  *
      4  * Author: Kevin Chou
      5  * Email: k9982874 (at) gmail.com
      6  */
      7 #ifndef IPSET_H
      8 #define IPSET_H
      9 /** \file
     10  *
 * This file declares the ipset module.  The module inserts the A and AAAA
 * addresses found in answers for names in zones that are configured in
 * unbound.conf as local-zone type ipset into a firewall IP set, for use in
 * firewall blacklist or whitelist rules.
     15  *
 * To use the ipset module, install the libmnl-dev (or libmnl-devel) package,
 * configure with --enable-ipset and compile.  Then enable the module in
 * unbound.conf with module-config: "ipset validator iterator" (ipset listed
 * before the validator and iterator, as shown), create the set with
 * ipset -N blacklist iphash, and add
 * local-zone: "example.com." ipset
 * statements for the zones whose looked-up names should have their
 * addresses added to the set.  Note that the set is filled from whatever
 * addresses the answers contain, so its contents are only as trustworthy as
 * those answers; keep the validator module enabled so that, for
 * DNSSEC-signed zones, forged answers are not inserted.
     23  *
 * Set the names of the sets with
 * ipset:
 *   name-v4: "blacklist"
 *   name-v6: "blacklist6"
 * in unbound.conf.  The sets can then be referenced from firewall rules
 * (newer iptables spell the match as --match-set):
 *   iptables -A INPUT -m set --set blacklist src -j DROP
 *   ip6tables -A INPUT -m set --set blacklist6 src -j DROP
     31  */
     32 
     33 #include "util/module.h"
     34 
     35 #ifdef __cplusplus
     36 extern "C" {
     37 #endif
     38 
/**
 * Module-wide environment of the ipset module, shared by all queries.
 * The set names come from the ipset: name-v4 / name-v6 options in
 * unbound.conf (see the file comment above).
 */
struct ipset_env {
	/** Opaque handle used to talk to the kernel ipset; presumably the
	 * libmnl netlink socket, since libmnl is required to build the module.
	 * Its type and ownership are defined in ipset.c, not here. */
	void* dev;

	/** NOTE(review): looks like a flag that is nonzero when the IPv4 set
	 * is configured (name_v4 given); confirm against ipset.c. */
	int v4_enabled;
	/** NOTE(review): looks like a flag that is nonzero when the IPv6 set
	 * is configured (name_v6 given); confirm against ipset.c. */
	int v6_enabled;

	/** Name of the kernel set that receives A addresses (name-v4).
	 * const, so presumably points at config storage rather than an owned
	 * copy; verify before freeing. */
	const char *name_v4;
	/** Name of the kernel set that receives AAAA addresses (name-v6).
	 * Same ownership caveat as name_v4. */
	const char *name_v6;
};
     48 
/**
 * Per-query state of the ipset module.  It only holds a placeholder
 * member, so the module appears to keep no real per-query data; the
 * struct exists to satisfy the module interface.
 */
struct ipset_qstate {
	/** placeholder; not used for anything meaningful */
	int dummy;
};
     52 
/**
 * Startup the ipset module (process-wide, called once at server start).
 * @param env: module environment.
 * @param id: module id of this module.
 * @return nonzero on success, 0 on failure, per the module interface in
 *	util/module.h (presumably; confirm in ipset.c).
 */
int ipset_startup(struct module_env* env, int id);
/**
 * Destartup the ipset module: undo what ipset_startup did.
 * @param env: module environment.
 * @param id: module id of this module.
 */
void ipset_destartup(struct module_env* env, int id);
/**
 * Init the ipset module for the current configuration (may run again on
 * reload, unlike startup).
 * @param env: module environment.
 * @param id: module id of this module.
 * @return nonzero on success, 0 on failure, per the module interface in
 *	util/module.h (presumably; confirm in ipset.c).
 */
int ipset_init(struct module_env* env, int id);
/**
 * Deinit the ipset module: release what ipset_init allocated.
 * @param env: module environment.
 * @param id: module id of this module.
 */
void ipset_deinit(struct module_env* env, int id);
/**
 * Operate on an event on a query (in qstate).
 * @param qstate: query state.
 * @param event: the module event that occurred.
 * @param id: module id of this module.
 * @param outbound: outbound entry that was completed, if any.
 */
void ipset_operate(struct module_qstate* qstate, enum module_ev event,
	int id, struct outbound_entry* outbound);
/**
 * Subordinate query done, inform this super request of its conclusion.
 * @param qstate: the subquery that finished.
 * @param id: module id of this module.
 * @param super: the super (parent) query state to inform.
 */
void ipset_inform_super(struct module_qstate* qstate, int id,
	struct module_qstate* super);
/**
 * Clear the ipset query-specific contents out of qstate.
 * @param qstate: query state.
 * @param id: module id of this module.
 */
void ipset_clear(struct module_qstate* qstate, int id);
/**
 * Return memory estimate for ipset module.
 * @param env: module environment.
 * @param id: module id of this module.
 * @return memory in use, in bytes, as estimated by the module.
 */
size_t ipset_get_mem(struct module_env* env, int id);

/**
 * Get the function block with pointers to the ipset functions declared
 * above, for registration with the module system.
 * @return the function block for "ipset".
 */
struct module_func_block* ipset_get_funcblock(void);
     77 
     78 #ifdef __cplusplus
     79 }
     80 #endif
     81 
     82 #endif /* IPSET_H */
     83 
     84