761cf19d7b
for planned nft backend we have three choices: - open/close a new nfnetlink socket for every operation - keep a nfnetlink socket open internally - expose a opaque fw_ctx and stash all internal data here. Originally I opted for the 2nd option, but during review it was suggested to avoid static storage duration because of perceived problems with threaded applications. This adds fw_ctx and new/free functions, then converts the existing api and nspawn and networkd to use it.
29 lines
855 B
C
29 lines
855 B
C
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
|
#pragma once
|
|
|
|
#include <inttypes.h>
|
|
|
|
#include "firewall-util.h"
|
|
|
|
#include "sd-event.h"
|
|
#include "sd-netlink.h"
|
|
|
|
#include "in-addr-util.h"
|
|
#include "list.h"
|
|
|
|
typedef struct ExposePort {
|
|
int protocol;
|
|
uint16_t host_port;
|
|
uint16_t container_port;
|
|
LIST_FIELDS(struct ExposePort, ports);
|
|
} ExposePort;
|
|
|
|
void expose_port_free_all(ExposePort *p);
|
|
int expose_port_parse(ExposePort **l, const char *s);
|
|
|
|
int expose_port_watch_rtnl(sd_event *event, int recv_fd, sd_netlink_message_handler_t handler, void *userdata, sd_netlink **ret);
|
|
int expose_port_send_rtnl(int send_fd);
|
|
|
|
int expose_port_execute(sd_netlink *rtnl, FirewallContext **fw_ctx, ExposePort *l, union in_addr_union *exposed);
|
|
int expose_port_flush(FirewallContext **fw_ctx, ExposePort* l, union in_addr_union *exposed);
|