ip6tables.h revision 29647c878ec485779b88a0c42f096ce028cabf15
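#ifndef _IP6TABLES_USER_H
#define _IP6TABLES_USER_H

/*
 * Declarations shared between the ip6tables command-line code and its
 * match/target extensions: the extension descriptor structs, the
 * registration entry points and a few parsing and chain helpers.
 */

#include "iptables_common.h"
#include "libiptc/libip6tc.h"

/*
 * Default extension directory; a build can override it by defining
 * IP6T_LIB_DIR before this header is read.
 * NOTE(review): this looks like the directory that match/target shared
 * libraries are loaded from -- confirm in the loader.  If so, anything
 * placed there runs with the privileges of the ip6tables process, so the
 * directory and its parents should be writable by root only.
 */
#ifndef IP6T_LIB_DIR
#define IP6T_LIB_DIR "/usr/local/lib/iptables"
#endif

/* Fallbacks for system headers that do not define these protocol numbers. */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
#ifndef IPPROTO_UDPLITE
#define IPPROTO_UDPLITE 136
#endif

/*
 * Local definitions used only when the kernel headers do not provide the
 * revision query interface.
 * NOTE(review): the struct is presumably exchanged with the kernel, so its
 * layout must not be changed here -- confirm against the kernel header.
 */
#ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */
#define IP6T_SO_GET_REVISION_MATCH	68
#define IP6T_SO_GET_REVISION_TARGET	69

struct ip6t_get_revision
{
	/* Fixed-size buffer: any copy of an extension name into it must be
	   bounded by sizeof(name). */
	char name[IP6T_FUNCTION_MAXNAMELEN-1];

	u_int8_t revision;
};
#endif /* IP6T_SO_GET_REVISION_MATCH   Old kernel source */

/* One node in the singly linked list of matches attached to a rule. */
struct ip6tables_rule_match
{
	struct ip6tables_rule_match *next;

	struct ip6tables_match *match;

	/* Multiple matches of the same type: the ones before
	   the current one are completed from parsing point of view */
	unsigned int completed;
};

/* Include file for additions: new matches and targets. */
/*
 * Descriptor that a match extension fills in and hands to
 * register_match6().  The callbacks are function pointers the tool calls
 * in its own process, so a descriptor is only as trustworthy as the code
 * that registered it.
 */
struct ip6tables_match
{
	struct ip6tables_match *next;

	/* NOTE(review): ip6t_chainlabel is declared elsewhere; presumably a
	   fixed-size char array, so the name must fit -- confirm. */
	ip6t_chainlabel name;

	/* Revision of match (0 by default). */
	u_int8_t revision;

	const char *version;

	/* Size of match data.
	   NOTE(review): presumably used to size the buffer handed to the
	   callbacks below; a value smaller than what they write would let
	   them overrun it -- confirm where the entry is allocated. */
	size_t size;

	/* Size of match data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match. */
	void (*init)(struct ip6t_entry_match *m, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ip6t_entry *entry,
		     unsigned int *nfcache,
		     struct ip6t_entry_match **match);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end */
	void (*print)(const struct ip6t_ip6 *ip,
		      const struct ip6t_entry_match *match, int numeric);

	/* Saves the union ipt_matchinfo in parsable form to stdout. */
	void (*save)(const struct ip6t_ip6 *ip,
		     const struct ip6t_entry_match *match);

	/* Pointer to list of extra command-line options */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	/* (bookkeeping fields, not part of what an extension fills in) */
	unsigned int option_offset;
	struct ip6t_entry_match *m;
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/*
 * Descriptor that a target extension fills in and hands to
 * register_target6().  Same shape as struct ip6tables_match, without the
 * revision field and the nfcache argument to parse, and with an extra
 * `used` field.
 */
struct ip6tables_target
{
	struct ip6tables_target *next;

	ip6t_chainlabel name;

	const char *version;

	/* Size of target data. */
	size_t size;

	/* Size of target data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target. */
	void (*init)(struct ip6t_entry_target *t, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ip6t_entry *entry,
		     struct ip6t_entry_target **target);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end */
	void (*print)(const struct ip6t_ip6 *ip,
		      const struct ip6t_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout. */
	void (*save)(const struct ip6t_ip6 *ip,
		     const struct ip6t_entry_target *target);

	/* Pointer to list of extra command-line options */
	/* NOTE(review): not const here, unlike ip6tables_match.extra_opts. */
	struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	/* (bookkeeping fields, not part of what an extension fills in) */
	unsigned int option_offset;
	struct ip6t_entry_target *t;
	unsigned int tflags;
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

extern int line;

/* Your shared library should call one of these. */
extern void register_match6(struct ip6tables_match *me);
extern void register_target6(struct ip6tables_target *me);

/*
 * Port helpers.
 * NOTE(review): parse_port() returns u_int16_t, which leaves no in-band
 * error value; check in the definition how bad input is reported.
 */
extern int service_to_port(const char *name, const char *proto);
extern u_int16_t parse_port(const char *port, const char *proto);
extern int do_command6(int argc, char *argv[], char **table,
		       ip6tc_handle_t *handle);
/* Keeping track of external matches and targets: linked lists. */
extern struct ip6tables_match *ip6tables_matches;
extern struct ip6tables_target *ip6tables_targets;

/*
 * Load policy passed to find_target() and find_match().
 * NOTE(review): the meaning of each value is inferred from its name only;
 * confirm against the definitions of those two functions.
 */
enum ip6t_tryload {
	DONT_LOAD,
	DURING_LOAD,
	TRY_LOAD,
	LOAD_MUST_SUCCEED
};

/*
 * Look up an extension by name.
 * NOTE(review): if `name` is used to build the path of a library to load,
 * it needs validating first (no path separators) -- confirm in the
 * definitions.
 */
extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload tryload);
extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload tryload, struct ip6tables_rule_match **match);

/*
 * `vianame` and `mask` are output buffers passed without a length.
 * NOTE(review): presumably both must hold at least IFNAMSIZ bytes --
 * confirm in the definition before calling with a smaller buffer.
 */
extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);

/* flush_entries() and delete_chain() have the signature for_each_chain()
   takes for `fn`. */
extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
/*
 * Kernel module loading helpers.
 * NOTE(review): `modprobe` is presumably the program that gets run to load
 * the module.  It would run with the caller's privileges, so pass a
 * trusted absolute path and never a value taken from unprivileged input --
 * confirm in the definition.
 */
extern int
ip6tables_insmod(const char *modname, const char *modprobe, int quiet);
extern int load_ip6tables_ko(const char *modprobe, int quiet);

#endif  /*_IP6TABLES_USER_H*/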