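/*
 * virfirewall.h: integration with firewalls
 *
 * Copyright (C) 2014 Red Hat, Inc.
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library. If not, see
 * <http://www.gnu.org/licenses/>.
 */

#pragma once

#include "internal.h"

/* Opaque handle for a firewall ruleset; the layout is private to the
 * implementation and callers only ever hold a pointer to it. */
typedef struct _virFirewall virFirewall;

/* Opaque handle for a single rule that belongs to a virFirewall. */
typedef struct _virFirewallRule virFirewallRule;

/* Layer a rule is applied to. VIR_FIREWALL_LAYER_LAST is the final
 * enumerator; presumably a count/sentinel rather than a usable layer --
 * confirm against the implementation before passing it anywhere. */
typedef enum {
    VIR_FIREWALL_LAYER_ETHERNET,
    VIR_FIREWALL_LAYER_IPV4,
    VIR_FIREWALL_LAYER_IPV6,

    VIR_FIREWALL_LAYER_LAST,
} virFirewallLayer;

/**
 * virFirewallNew:
 *
 * Create a new firewall ruleset object.
 *
 * Returns the new ruleset; release it with virFirewallFree(), or declare
 * it with g_autoptr(virFirewall), which this header maps to
 * virFirewallFree() at the bottom of the file.
 */
virFirewall *virFirewallNew(void);

/**
 * virFirewallFree:
 * @firewall: the ruleset to release
 *
 * Release a ruleset obtained from virFirewallNew(). This is also the
 * function registered as the g_autoptr() cleanup for virFirewall.
 */
void virFirewallFree(virFirewall *firewall);

/**
 * virFirewallAddRule:
 * @firewall: firewall ruleset to add to
 * @layer: the firewall layer to change
 * @...: NULL terminated list of strings for the rule
 *
 * Add any type of rule to the firewall ruleset.
 *
 * Expands to virFirewallAddRuleFull() with @ignoreErrors false and no
 * query callback. The argument list must end with NULL: the callee has
 * no other way to find the end of the list, and the
 * G_GNUC_NULL_TERMINATED annotation on virFirewallAddRuleFull() lets the
 * compiler warn when the sentinel is missing.
 *
 * Returns the new rule
 */
#define virFirewallAddRule(firewall, layer, ...) \
    virFirewallAddRuleFull(firewall, layer, false, NULL, NULL, __VA_ARGS__)

/**
 * virFirewallQueryCallback:
 * @firewall: the ruleset the rule belongs to
 * @layer: the layer of the rule
 * @lines: array of strings handed to the callback
 * @opaque: the pointer that was passed to virFirewallAddRuleFull()
 *
 * Callback type accepted by virFirewallAddRuleFull().
 *
 * NOTE(review): the header does not say what @lines holds or what the
 * return value means; presumably @lines is the output produced for the
 * rule and a negative return reports failure -- confirm in virfirewall.c.
 * If @lines does come from an external tool, the callback should parse
 * it defensively (no assumed line count or field layout).
 */
typedef int (*virFirewallQueryCallback)(virFirewall *firewall,
                                        virFirewallLayer layer,
                                        const char *const *lines,
                                        void *opaque);

/**
 * virFirewallAddRuleFull:
 * @firewall: firewall ruleset to add to
 * @layer: the firewall layer to change
 * @ignoreErrors: per-rule error handling switch (see note below)
 * @cb: optional query callback, or NULL
 * @opaque: caller data handed back to @cb
 * @...: NULL terminated list of strings for the rule
 *
 * Add a rule to the ruleset with explicit error handling and callback
 * settings. virFirewallAddRule() is the shorthand that passes false,
 * NULL, NULL for @ignoreErrors, @cb and @opaque.
 *
 * NOTE(review): presumably @ignoreErrors true means a failure of this
 * one rule does not fail the transaction -- confirm. If so, it should
 * not be set on a rule that a filtering policy depends on, because a
 * rule that was never installed would go unreported.
 *
 * NOTE(review): the strings are rule arguments supplied by the caller;
 * values that originate from guest or user configuration (addresses,
 * interface names, ports) should be validated before they are added.
 * How the arguments reach the firewall backend is not visible in this
 * header -- confirm they are passed as separate arguments, not through
 * a shell.
 *
 * Returns the new rule
 */
virFirewallRule *virFirewallAddRuleFull(virFirewall *firewall,
                                        virFirewallLayer layer,
                                        bool ignoreErrors,
                                        virFirewallQueryCallback cb,
                                        void *opaque,
                                        ...)
    G_GNUC_NULL_TERMINATED;

/**
 * virFirewallRemoveRule:
 * @firewall: the ruleset that holds @rule
 * @rule: the rule to remove
 *
 * Remove a rule from the ruleset.
 *
 * NOTE(review): whether @rule is still valid after this call is not
 * stated here; treat the pointer as dead until confirmed otherwise.
 */
void virFirewallRemoveRule(virFirewall *firewall,
                           virFirewallRule *rule);

/**
 * virFirewallRuleAddArg:
 * @firewall: the ruleset that holds @rule
 * @rule: the rule to extend
 * @arg: the argument string; must not be NULL (ATTRIBUTE_NONNULL(3))
 *
 * Append a single argument to @rule.
 */
void virFirewallRuleAddArg(virFirewall *firewall,
                           virFirewallRule *rule,
                           const char *arg)
    ATTRIBUTE_NONNULL(3);

/**
 * virFirewallRuleAddArgFormat:
 * @firewall: the ruleset that holds @rule
 * @rule: the rule to extend
 * @fmt: printf-style format string; must not be NULL
 * @...: values consumed by @fmt
 *
 * Append an argument built from a printf-style format.
 *
 * G_GNUC_PRINTF(3, 4) makes the compiler check the variadic arguments
 * against @fmt, which only works when @fmt is a string literal. Data
 * that comes from outside the program belongs in the variadic
 * arguments (e.g. "%s"), never in @fmt itself.
 */
void virFirewallRuleAddArgFormat(virFirewall *firewall,
                                 virFirewallRule *rule,
                                 const char *fmt, ...)
    ATTRIBUTE_NONNULL(3) G_GNUC_PRINTF(3, 4);

/**
 * virFirewallRuleAddArgSet:
 * @firewall: the ruleset that holds @rule
 * @rule: the rule to extend
 * @args: array of argument strings; must not be NULL
 *
 * Append several arguments to @rule from an array.
 *
 * NOTE(review): no element count is passed, so @args is presumably
 * expected to be NULL terminated -- confirm against the implementation.
 */
void virFirewallRuleAddArgSet(virFirewall *firewall,
                              virFirewallRule *rule,
                              const char *const *args)
    ATTRIBUTE_NONNULL(3);

/**
 * virFirewallRuleAddArgList:
 * @firewall: the ruleset that holds @rule
 * @rule: the rule to extend
 * @...: NULL terminated list of argument strings
 *
 * Append several arguments to @rule from a variadic list. The list must
 * end with NULL; G_GNUC_NULL_TERMINATED lets the compiler warn when the
 * sentinel is missing.
 */
void virFirewallRuleAddArgList(virFirewall *firewall,
                               virFirewallRule *rule,
                               ...)
    G_GNUC_NULL_TERMINATED;

/**
 * virFirewallRuleGetArgCount:
 * @rule: the rule to inspect
 *
 * Returns the number of arguments held by @rule
 */
size_t virFirewallRuleGetArgCount(virFirewallRule *rule);

typedef enum {
    /* Ignore all errors when applying rules, so no
     * rollback block will be required */
    VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS = (1 << 0),
} virFirewallTransactionFlags;

/**
 * virFirewallStartTransaction:
 * @firewall: the ruleset to operate on
 * @flags: bitwise-OR of virFirewallTransactionFlags
 *
 * Start a transaction in the ruleset.
 *
 * With VIR_FIREWALL_TRANSACTION_IGNORE_ERRORS every error raised while
 * applying the rules is ignored, so the caller gets no signal that a
 * rule was not installed; this suits best-effort cleanup, not rules
 * that have to be in place for a policy to hold.
 */
void virFirewallStartTransaction(virFirewall *firewall,
                                 unsigned int flags);

typedef enum {
    /* Execute previous rollback block before this
     * one, to chain cleanup */
    VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS = (1 << 0),
} virFirewallRollbackFlags;

/**
 * virFirewallStartRollback:
 * @firewall: the ruleset to operate on
 * @flags: bitwise-OR of virFirewallRollbackFlags
 *
 * Start a rollback block in the ruleset.
 *
 * With VIR_FIREWALL_ROLLBACK_INHERIT_PREVIOUS the previous rollback
 * block is executed before this one, which chains the cleanup.
 */
void virFirewallStartRollback(virFirewall *firewall,
                              unsigned int flags);

/**
 * virFirewallApply:
 * @firewall: the ruleset to apply
 *
 * Apply the ruleset.
 *
 * The declaration carries no warn-unused-result annotation, so the
 * compiler will not flag a caller that drops the result; callers need
 * to check it themselves to know whether the rules are in place.
 *
 * NOTE(review): presumably 0 on success and negative on failure, per
 * the usual convention -- confirm in virfirewall.c.
 */
int virFirewallApply(virFirewall *firewall);

/* NOTE(review): purpose is not documented in this header; see the
 * implementation before relying on any particular behavior. */
void virFirewallBackendSynchronize(void);

/* Lets callers write g_autoptr(virFirewall) and have virFirewallFree()
 * run automatically when the variable goes out of scope. */
G_DEFINE_AUTOPTR_CLEANUP_FUNC(virFirewall, virFirewallFree);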