ip6tables.h revision 29647c878ec485779b88a0c42f096ce028cabf15
1#ifndef _IP6TABLES_USER_H
2#define _IP6TABLES_USER_H
3
4#include "iptables_common.h"
5#include "libiptc/libip6tc.h"
6
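/*
 * Default directory for ip6tables extension libraries.  The #ifndef guard
 * lets the build override it (define IP6T_LIB_DIR before including this
 * header, or on the compiler command line).
 *
 * NOTE(review): presumably the extension loader resolves shared objects
 * under this path.  ip6tables normally runs with elevated privileges, so
 * whatever directory is configured here should be owned by root and not
 * writable by other users -- confirm against the loader implementation.
 */
#ifndef IP6T_LIB_DIR
#define IP6T_LIB_DIR "/usr/local/lib/iptables"
#endif

/*
 * Fallback IP protocol numbers, used only when the system headers do not
 * already provide them.
 */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
#ifndef IPPROTO_UDPLITE
#define IPPROTO_UDPLITE 136
#endif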
20
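/*
 * Compatibility definitions for kernel headers that predate the
 * match/target revision query ("Old kernel source").  They are only
 * compiled when the included kernel headers do not define
 * IP6T_SO_GET_REVISION_MATCH themselves.
 *
 * The option numbers and the structure layout are part of the
 * kernel/userspace interface and must not be changed here.
 */
#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */
#define IP6T_SO_GET_REVISION_MATCH	68
#define IP6T_SO_GET_REVISION_TARGET	69

struct ip6t_get_revision
{
	/*
	 * Extension name.  The buffer is fixed-size
	 * (IP6T_FUNCTION_MAXNAMELEN-1 bytes): code filling it in must bound
	 * the copy to sizeof(name) and leave it NUL-terminated.
	 */
	char name[IP6T_FUNCTION_MAXNAMELEN-1];

	/* Revision being queried or reported. */
	u_int8_t revision;
};
#endif /* IP6T_SO_GET_REVISION_MATCH   Old kernel source */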
32
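/*
 * One node in a singly linked list of matches attached to a rule.
 * find_match() takes a pointer to the head of such a list.
 */
struct ip6tables_rule_match
{
	/* Next node in the list, or NULL at the end. */
	struct ip6tables_rule_match *next;

	/* The match extension this node refers to. */
	struct ip6tables_match *match;

	/* Multiple matches of the same type: the ones before
	   the current one are completed from parsing point of view */
	unsigned int completed;
};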
43
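/* Include file for additions: new matches and targets. */

/*
 * Descriptor for one match extension.  An extension fills in one of these
 * and hands it to register_match6().
 *
 * Review notes for extension authors:
 *  - `name` is a fixed-size ip6t_chainlabel buffer; it must be
 *    NUL-terminated and fit in that buffer.
 *  - The parse() callback receives raw command-line text (argv).  Validate
 *    lengths and numeric ranges before writing anything into the match
 *    data.
 *  - NOTE(review): userspacesize is presumably expected to be <= size;
 *    confirm that the core checks this before comparing match data.
 */
struct ip6tables_match
{
	/* Next registered match in the global list. */
	struct ip6tables_match *next;

	ip6t_chainlabel name;

	/* Revision of match (0 by default). */
	u_int8_t revision;

	const char *version;

	/* Size of match data. */
	size_t size;

	/* Size of match data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match. */
	void (*init)(struct ip6t_entry_match *m, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ip6t_entry *entry,
		     unsigned int *nfcache,
		     struct ip6t_entry_match **match);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end */
	void (*print)(const struct ip6t_ip6 *ip,
		      const struct ip6t_entry_match *match, int numeric);

	/* Saves the match info in parsable form to stdout. */
	void (*save)(const struct ip6t_ip6 *ip,
		     const struct ip6t_entry_match *match);

	/* Pointer to list of extra command-line options */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	/* (internal bookkeeping; presumably owned by the ip6tables core,
	   so extensions should leave these zero-initialized) */
	unsigned int option_offset;
	struct ip6t_entry_match *m;
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};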
97
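/*
 * Descriptor for one target extension.  An extension fills in one of these
 * and hands it to register_target6().
 *
 * Review notes for extension authors:
 *  - `name` is a fixed-size ip6t_chainlabel buffer; it must be
 *    NUL-terminated and fit in that buffer.
 *  - The parse() callback receives raw command-line text (argv).  Validate
 *    lengths and numeric ranges before writing anything into the target
 *    data.
 *  - NOTE(review): userspacesize is presumably expected to be <= size;
 *    confirm that the core checks this before comparing target data.
 *  - Unlike struct ip6tables_match, extra_opts here is not
 *    const-qualified.
 */
struct ip6tables_target
{
	/* Next registered target in the global list. */
	struct ip6tables_target *next;

	ip6t_chainlabel name;

	const char *version;

	/* Size of target data. */
	size_t size;

	/* Size of target data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target. */
	void (*init)(struct ip6t_entry_target *t, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ip6t_entry *entry,
		     struct ip6t_entry_target **target);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end */
	void (*print)(const struct ip6t_ip6 *ip,
		      const struct ip6t_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout. */
	void (*save)(const struct ip6t_ip6 *ip,
		     const struct ip6t_entry_target *target);

	/* Pointer to list of extra command-line options */
	struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	/* (internal bookkeeping; presumably owned by the ip6tables core,
	   so extensions should leave these zero-initialized) */
	unsigned int option_offset;
	struct ip6t_entry_target *t;
	unsigned int tflags;
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};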
147
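/* NOTE(review): presumably the current input line number -- confirm. */
extern int line;

/* Your shared library should call one of these. */
/*
 * NOTE(review): `me` is presumably linked into the global lists below via
 * its `next` member, so it has to stay valid for the life of the process
 * (static storage in the extension) -- confirm against the implementation.
 */
extern void register_match6(struct ip6tables_match *me);
extern void register_target6(struct ip6tables_target *me);

/*
 * Port helpers.  `port`/`name` are command-line text.  parse_port()
 * returns u_int16_t, which leaves no value free to signal an error; how
 * out-of-range or unknown input is reported is not visible from this
 * header -- check the implementation before relying on the result.
 */
extern int service_to_port(const char *name, const char *proto);
extern u_int16_t parse_port(const char *port, const char *proto);

/* Command entry point: processes argv against the given table/handle. */
extern int do_command6(int argc, char *argv[], char **table,
		       ip6tc_handle_t *handle);
/* Keeping track of external matches and targets: linked lists. */
extern struct ip6tables_match *ip6tables_matches;
extern struct ip6tables_target *ip6tables_targets;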
161
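/*
 * Load policy passed to find_target() and find_match().
 * NOTE(review): the exact meaning of each value is defined by the
 * implementation; the names suggest it controls whether an extension that
 * is not yet registered may be loaded, and whether a failed load is
 * fatal -- confirm.
 */
enum ip6t_tryload {
	DONT_LOAD,
	DURING_LOAD,
	TRY_LOAD,
	LOAD_MUST_SUCCEED
};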
168
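/*
 * Look up a target or match extension by name.
 * NOTE(review): with a loading policy the name is presumably used to
 * locate a library under IP6T_LIB_DIR.  If so, `name` comes from the
 * command line and should be checked for path separators and length
 * before it is turned into a file name -- confirm in the implementation.
 */
extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload);
extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match);

/*
 * Parses an interface argument into `vianame` and `mask`.
 * No buffer sizes are passed: the caller must supply buffers at least as
 * large as the implementation writes (presumably IFNAMSIZ bytes each --
 * confirm), and the implementation must reject longer input.
 */
extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);

/* Chain helpers operating on an open ip6tc handle. */
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);

/*
 * Kernel module loading helpers.
 * NOTE(review): `modprobe` is presumably the path of the program that is
 * executed to load `modname`.  Since this normally runs privileged, both
 * values should come from trusted configuration, never from unvalidated
 * input -- confirm how the implementation invokes it.
 */
extern int
ip6tables_insmod(const char *modname, const char *modprobe, int quiet);
extern int load_ip6tables_ko(const char *modprobe, int quiet);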
180
181#endif /*_IP6TABLES_USER_H*/
182