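/*
 * User-space declarations for iptables extensions ("matches" and
 * "targets"): the descriptor structures an extension fills in, the
 * registration entry points, and prototypes for shared helpers.
 *
 * The listing was restored from a blame view: the per-line gutter
 * (line number, commit id, author) was stripped and line breaks were
 * re-inserted.  No declaration was changed.
 */
#ifndef _IPTABLES_USER_H
#define _IPTABLES_USER_H

#include "iptables_common.h"
#include "libiptc/libiptc.h"

/*
 * Default extension directory; a build may override it by defining
 * IPT_LIB_DIR beforehand.
 * NOTE(review): presumably the directory extension shared objects are
 * loaded from -- confirm in the loader.  If so, it should be writable
 * only by the administrator, because anything loaded from it runs with
 * the privileges of the calling process.
 */
#ifndef IPT_LIB_DIR
#define IPT_LIB_DIR "/usr/local/lib/iptables"
#endif

/* Fallback for system headers that do not define the SCTP protocol number. */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif

#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
#define IPT_SO_GET_REVISION_MATCH	(IPT_BASE_CTL + 2)
#define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)

/*
 * Fallback definition, used only when the kernel headers do not provide
 * IPT_SO_GET_REVISION_MATCH.
 * NOTE(review): presumably this must mirror the kernel's layout byte for
 * byte -- confirm before resizing `name`.  Code that fills `name` has to
 * bound the copy to sizeof(name) and keep it NUL-terminated.
 */
struct ipt_get_revision
{
	char name[IPT_FUNCTION_MAXNAMELEN-1];

	u_int8_t revision;
};
#endif /* IPT_SO_GET_REVISION_MATCH   Old kernel source */

/* Node of a singly linked list of matches; `match` points at the descriptor. */
struct iptables_rule_match
{
	struct iptables_rule_match *next;

	struct iptables_match *match;
};

/* Include file for additions: new matches and targets. */
struct iptables_match
{
	/* Next descriptor in the list. */
	struct iptables_match *next;

	/* Extension name (ipt_chainlabel is declared by the libiptc headers). */
	ipt_chainlabel name;

	/* Revision of match (0 by default). */
	u_int8_t revision;

	const char *version;

	/* Size of match data. */
	size_t size;

	/* Size of match data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match. */
	void (*init)(struct ipt_entry_match *m, unsigned int *nfcache);

	/*
	 * Function which parses command options; returns true if it
	 * ate an option.
	 * NOTE(review): argv carries command-line text; an implementation
	 * should validate length and range before storing anything in the
	 * match data, which presumably holds `size` bytes -- confirm.
	 */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ipt_entry *entry,
		     unsigned int *nfcache,
		     struct ipt_entry_match **match);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end */
	void (*print)(const struct ipt_ip *ip,
		      const struct ipt_entry_match *match, int numeric);

	/* Saves the match info in parsable form to stdout. */
	void (*save)(const struct ipt_ip *ip,
		     const struct ipt_entry_match *match);

	/* Pointer to list of extra command-line options */
	const struct option *extra_opts;

	/*
	 * Ignore these men behind the curtain:
	 * bookkeeping fields, not meant to be set by the extension.
	 */
	unsigned int option_offset;
	struct ipt_entry_match *m;
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/*
 * Descriptor for a target extension.  It parallels struct iptables_match,
 * with three visible differences: parse() takes no nfcache argument,
 * extra_opts is not const-qualified, and there is an extra `used` field.
 */
struct iptables_target
{
	/* Next descriptor in the list. */
	struct iptables_target *next;

	/* Extension name (ipt_chainlabel is declared by the libiptc headers). */
	ipt_chainlabel name;

	/* Revision of target (0 by default). */
	u_int8_t revision;

	const char *version;

	/* Size of target data. */
	size_t size;

	/* Size of target data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target. */
	void (*init)(struct ipt_entry_target *t, unsigned int *nfcache);

	/*
	 * Function which parses command options; returns true if it
	 * ate an option.
	 * NOTE(review): argv carries command-line text; an implementation
	 * should validate length and range before storing anything in the
	 * target data, which presumably holds `size` bytes -- confirm.
	 */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ipt_entry *entry,
		     struct ipt_entry_target **target);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end */
	void (*print)(const struct ipt_ip *ip,
		      const struct ipt_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout. */
	void (*save)(const struct ipt_ip *ip,
		     const struct ipt_entry_target *target);

	/* Pointer to list of extra command-line options */
	struct option *extra_opts;

	/*
	 * Ignore these men behind the curtain:
	 * bookkeeping fields, not meant to be set by the extension.
	 */
	unsigned int option_offset;
	struct ipt_entry_target *t;
	unsigned int tflags;
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

extern int line;

/*
 * Your shared library should call one of these.
 * NOTE(review): the descriptor is passed by pointer and has a `next`
 * link, so it presumably has to stay valid after the call -- confirm
 * against the definitions.
 */
extern void register_match(struct iptables_match *me);
extern void register_target(struct iptables_target *me);

/*
 * Address conversion helpers.
 * NOTE(review): this header does not show who owns the returned
 * pointers (static buffer or heap) -- check the definitions before
 * freeing a result or keeping it across calls.
 */
extern struct in_addr *dotted_to_addr(const char *dotted);
extern char *addr_to_dotted(const struct in_addr *addrp);
extern char *addr_to_anyname(const struct in_addr *addr);
extern char *mask_to_dotted(const struct in_addr *mask);

extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp,
			struct in_addr *maskp, unsigned int *naddrs);
extern u_int16_t parse_protocol(const char *s);

extern int do_command(int argc, char *argv[], char **table,
		      iptc_handle_t *handle);
/* Keeping track of external matches and targets: linked lists. */
extern struct iptables_match *iptables_matches;
extern struct iptables_target *iptables_targets;

/*
 * Load policy passed to find_target() and find_match().
 * NOTE(review): going by the names, DONT_LOAD looks up registered
 * extensions only, TRY_LOAD tolerates a failed load and
 * LOAD_MUST_SUCCEED treats one as an error -- confirm in the loader.
 */
enum ipt_tryload {
	DONT_LOAD,
	TRY_LOAD,
	LOAD_MUST_SUCCEED
};

extern struct iptables_target *find_target(const char *name, enum ipt_tryload);
extern struct iptables_match *find_match(const char *name, enum ipt_tryload, struct iptables_rule_match **match);

/* Chain operations; for_each_chain() invokes fn with the same parameter shape. */
extern int delete_chain(const ipt_chainlabel chain, int verbose,
			iptc_handle_t *handle);
extern int flush_entries(const ipt_chainlabel chain, int verbose,
			iptc_handle_t *handle);
extern int for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *),
		int verbose, int builtinstoo, iptc_handle_t *handle);
#endif /*_IPTABLES_USER_H*/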