/**
 * ipset.h
 *
 * Author: Kevin Chou
 * Email: k9982874@gmail.com
 */
#ifndef IPSET_H
#define IPSET_H
/** \file
 *
 * This file implements the ipset module. It can handle packets by putting
 * the A and AAAA addresses that are configured in unbound.conf as type
 * ipset (local-zone statements) into a firewall rule IPSet, for firewall
 * blacklist and whitelist usage.
 *
 * To use the IPset module, install the libmnl-dev (or libmnl-devel) package
 * and configure with --enable-ipset. And compile. Then enable the ipset
 * module in unbound.conf with module-config: "ipset validator iterator"
 * then create it with ipset -N blacklist iphash and then add
 * local-zone: "example.com." ipset
 * statements for the zones where you want the addresses of the names
 * looked up added to the set.
 *
 * Set the name of the set with
 * ipset:
 * name-v4: "blacklist"
 * name-v6: "blacklist6"
 * in unbound.conf. The set can be used in this way:
 * iptables -A INPUT -m set --set blacklist src -j DROP
 * ip6tables -A INPUT -m set --set blacklist6 src -j DROP
 *
 * Note that the set membership is driven by the addresses found in the
 * answers for the configured zones: whatever the resolution of those
 * names returns is what ends up in the firewall set. Only list zones
 * whose answer data you are prepared to have act on the DROP rules.
 */

#include "util/module.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * Module-wide environment of the ipset module, set up once from the
 * ipset: section of unbound.conf (see the file comment above).
 */
struct ipset_env {
	/** opaque handle to the ipset/netlink backend.
	 * NOTE(review): concrete type and who frees it are defined in
	 * ipset.c, not visible here - confirm ownership there. */
	void* dev;

	/** presumably nonzero when an IPv4 set is configured and in use;
	 * confirm how it is derived in ipset.c */
	int v4_enabled;
	/** presumably nonzero when an IPv6 set is configured and in use */
	int v6_enabled;

	/** name of the IPv4 set, from the name-v4: option.
	 * NOTE(review): looks like it points into the config, not a copy. */
	const char *name_v4;
	/** name of the IPv6 set, from the name-v6: option */
	const char *name_v6;
};

/**
 * Per-query state of the ipset module, kept in the module_qstate.
 * Currently holds no real data; the member exists so the struct is
 * not empty.
 */
struct ipset_qstate {
	/** placeholder, carries no information */
	int dummy;
};

/** Startup the ipset module
 * @param env: module environment.
 * @param id: module id.
 * @return presumably nonzero on success, 0 on failure - confirm in ipset.c. */
int ipset_startup(struct module_env* env, int id);
/** Destartup the ipset module
 * @param env: module environment.
 * @param id: module id. */
void ipset_destartup(struct module_env* env, int id);
/** Init the ipset module
 * @param env: module environment.
 * @param id: module id.
 * @return presumably nonzero on success, 0 on failure - confirm in ipset.c. */
int ipset_init(struct module_env* env, int id);
/** Deinit the ipset module
 * @param env: module environment.
 * @param id: module id. */
void ipset_deinit(struct module_env* env, int id);
/** Operate on an event on a query (in qstate).
 * @param qstate: query state.
 * @param event: the event to handle.
 * @param id: module id.
 * @param outbound: the outbound entry the event belongs to, if any. */
void ipset_operate(struct module_qstate* qstate, enum module_ev event,
	int id, struct outbound_entry* outbound);
/** Subordinate query done, inform this super request of its conclusion
 * @param qstate: the finished subordinate query.
 * @param id: module id.
 * @param super: the super request to inform. */
void ipset_inform_super(struct module_qstate* qstate, int id,
	struct module_qstate* super);
/** clear the ipset query-specific contents out of qstate
 * @param qstate: query state.
 * @param id: module id. */
void ipset_clear(struct module_qstate* qstate, int id);
/** return memory estimate for ipset module
 * @param env: module environment.
 * @param id: module id.
 * @return estimated memory use in bytes. */
size_t ipset_get_mem(struct module_env* env, int id);

/**
 * Get the function block with pointers to the ipset functions
 * @return the function block for "ipset".
 */
struct module_func_block* ipset_get_funcblock(void);

#ifdef __cplusplus
}
#endif

#endif /* IPSET_H */