libiptc.h revision e6869a8f59d779ff4d5a0984c86d80db7078496 
1e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#ifndef _LIBIPTC_H
2e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define _LIBIPTC_H
3e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Library which manipulates filtering rules. */
4e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
5e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#include <libiptc/ipt_kernel_headers.h>
6e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#include <linux/netfilter_ipv4/ip_tables.h>
7e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
8e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#ifndef IPT_MIN_ALIGN
9e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry_match))
10e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#endif
11e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define IPT_ALIGN(s) (((s) + (IPT_MIN_ALIGN-1)) & ~(IPT_MIN_ALIGN-1))
12e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
13e6869a8f59d779ff4d5a0984c86d80db7078496Marc Bouchertypedef char ipt_chainlabel[32];
14e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
15e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define IPTC_LABEL_ACCEPT  "ACCEPT"
16e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define IPTC_LABEL_DROP    "DROP"
17e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define IPTC_LABEL_QUEUE   "QUEUE"
18e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#define IPTC_LABEL_RETURN  "RETURN"
19e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
20e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Transparent handle type. */
21e6869a8f59d779ff4d5a0984c86d80db7078496Marc Bouchertypedef struct iptc_handle *iptc_handle_t;
22e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
23e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Does this chain exist? */
24e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_is_chain(const char *chain, const iptc_handle_t handle);
25e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
26e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Take a snapshot of the rules.  Returns NULL on error. */
27e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucheriptc_handle_t iptc_init(const char *tablename);
28e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
29e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Iterator functions to run through the chains; prev = NULL means
30e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher   first chain.  Returns NULL at end. */
31e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherconst char *iptc_next_chain(const char *prev, iptc_handle_t *handle);
32e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
33e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* How many rules in this chain? */
34e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherunsigned int iptc_num_rules(const char *chain, iptc_handle_t *handle);
35e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
36e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Get n'th rule in this chain. */
37e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherconst struct ipt_entry *iptc_get_rule(const char *chain,
38e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher				      unsigned int n,
39e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher				      iptc_handle_t *handle);
40e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
41e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Returns a pointer to the target name of this position. */
42e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherconst char *iptc_get_target(const char *chain,
43e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			    unsigned int n,
44e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			    iptc_handle_t *handle);
45e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
46e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Is this a built-in chain? */
47e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_builtin(const char *chain, const iptc_handle_t handle);
48e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
49e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Get the policy of a given built-in chain */
50e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherconst char *iptc_get_policy(const char *chain,
51e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			    struct ipt_counters *counter,
52e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			    iptc_handle_t *handle);
53e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
54e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* These functions return TRUE for OK or 0 and set errno.  If errno ==
55e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher   0, it means there was a version error (ie. upgrade libiptc). */
56e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Rule numbers start at 1 for the first rule. */
57e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
58e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Insert the entry `e' in chain `chain' into position `rulenum'. */
59e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_insert_entry(const ipt_chainlabel chain,
60e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      const struct ipt_entry *e,
61e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      unsigned int rulenum,
62e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
63e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
64e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Atomically replace rule `rulenum' in `chain' with `e'. */
65e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_replace_entry(const ipt_chainlabel chain,
66e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		       const struct ipt_entry *e,
67e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		       unsigned int rulenum,
68e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		       iptc_handle_t *handle);
69e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
70e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Append entry `e' to chain `chain'.  Equivalent to insert with
71e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher   rulenum = length of chain. */
72e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_append_entry(const ipt_chainlabel chain,
73e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      const struct ipt_entry *e,
74e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
75e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
76e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Delete the first rule in `chain' which matches `e'. */
77e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_delete_entry(const ipt_chainlabel chain,
78e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      const struct ipt_entry *origfw,
79e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
80e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
81e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Delete the rule in position `rulenum' in `chain'. */
82e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_delete_num_entry(const ipt_chainlabel chain,
83e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			  unsigned int rulenum,
84e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			  iptc_handle_t *handle);
85e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
86e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Check the packet `e' on chain `chain'.  Returns the verdict, or
87e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher   NULL and sets errno. */
88e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherconst char *iptc_check_packet(const ipt_chainlabel chain,
89e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			      struct ipt_entry *entry,
90e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			      iptc_handle_t *handle);
91e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
92e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Flushes the entries in the given chain (ie. empties chain). */
93e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_flush_entries(const ipt_chainlabel chain,
94e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		       iptc_handle_t *handle);
95e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
96e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Zeroes the counters in a chain. */
97e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_zero_entries(const ipt_chainlabel chain,
98e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
99e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
100e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Creates a new chain. */
101e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_create_chain(const ipt_chainlabel chain,
102e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
103e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
104e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Deletes a chain. */
105e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_delete_chain(const ipt_chainlabel chain,
106e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
107e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
108e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Renames a chain. */
109e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_rename_chain(const ipt_chainlabel oldname,
110e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      const ipt_chainlabel newname,
111e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		      iptc_handle_t *handle);
112e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
113e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Sets the policy on a built-in chain. */
114e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_set_policy(const ipt_chainlabel chain,
115e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		    const ipt_chainlabel policy,
116e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher		    iptc_handle_t *handle);
117e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
118e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Get the number of references to this chain */
119e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_get_references(unsigned int *ref,
120e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			const ipt_chainlabel chain,
121e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher			iptc_handle_t *handle);
122e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
123e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Makes the actual changes. */
124e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_commit(iptc_handle_t *handle);
125e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
126e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Get raw socket. */
127e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherint iptc_get_raw_socket();
128e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher
129e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher/* Translates errno numbers into more human-readable form than strerror. */
130e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucherconst char *iptc_strerror(int err);
131e6869a8f59d779ff4d5a0984c86d80db7078496Marc Boucher#endif /* _LIBIPTC_H */
132