libip6tc.h revision d59b9db031abee37a9aa9776662dd15370faabf4
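#ifndef _LIBIP6TC_H
#define _LIBIP6TC_H
/* Library which manipulates firewall rules.  Version 0.2.
 *
 * Public interface of the IPv6 flavour of libiptc: take a snapshot of one
 * table with ip6tc_init(), inspect or edit it through the handle, then
 * push the result with ip6tc_commit() and release it with ip6tc_free().
 */

#include <linux/types.h>
#include <libiptc/ipt_kernel_headers.h>
#ifdef __cplusplus
# include <climits>
#else
# include <limits.h> /* INT_MAX in ip6_tables.h */
#endif
#include <linux/netfilter_ipv6/ip6_tables.h>

/* The header already caters for C++ (<climits> above), so give the
 * prototypes C linkage there; harmless if the includer wraps it as well. */
#ifdef __cplusplus
extern "C" {
#endif

#ifndef IP6T_MIN_ALIGN
#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
#endif
/* Round `s' up to the next multiple of IP6T_MIN_ALIGN.
 * The addition is not overflow-checked: a size taken from untrusted input
 * that is within IP6T_MIN_ALIGN-1 of the type's maximum wraps to a small
 * value, so range-check such sizes before aligning them. */
#define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))

/* Opaque table snapshot; only ever handled by pointer. */
struct ip6tc_handle;

/* Chain name buffer: 32 bytes.  As a parameter type this decays to a plain
 * `const char *', so the compiler does not enforce the size.
 * NOTE(review): callers should pass a NUL-terminated name that fits in
 * 32 bytes including the terminator; whether the library re-checks the
 * length is not visible from this header. */
typedef char ip6t_chainlabel[32];

/* Names of the standard verdicts. */
#define IP6TC_LABEL_ACCEPT "ACCEPT"
#define IP6TC_LABEL_DROP "DROP"
#define IP6TC_LABEL_QUEUE "QUEUE"
#define IP6TC_LABEL_RETURN "RETURN"

/* Does this chain exist? */
int ip6tc_is_chain(const char *chain, struct ip6tc_handle *const handle);

/* Take a snapshot of the rules of table `tablename'.  Returns NULL on
 * error, so the result must be checked before it is passed to any other
 * function declared here. */
struct ip6tc_handle *ip6tc_init(const char *tablename);

/* Cleanup after ip6tc_init(). */
void ip6tc_free(struct ip6tc_handle *h);

/* Iterator functions to run through the chains.  Returns NULL at end. */
const char *ip6tc_first_chain(struct ip6tc_handle *handle);
const char *ip6tc_next_chain(struct ip6tc_handle *handle);

/* Get first rule in the given chain: NULL for empty chain. */
const struct ip6t_entry *ip6tc_first_rule(const char *chain,
					  struct ip6tc_handle *handle);

/* Returns the rule following `prev', or NULL when rules run out. */
const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
					 struct ip6tc_handle *handle);

/* Returns a pointer to the target name of this position.
 * NOTE(review): the lifetime of the returned string is not stated here;
 * presumably it is tied to `handle' -- confirm before caching it. */
const char *ip6tc_get_target(const struct ip6t_entry *e,
			     struct ip6tc_handle *handle);

/* Is this a built-in chain? */
int ip6tc_builtin(const char *chain, struct ip6tc_handle *const handle);

/* Get the policy of a given built-in chain.
 * NOTE(review): `counters' is a non-const pointer, presumably an output
 * for the chain's packet/byte counters -- confirm against the
 * implementation. */
const char *ip6tc_get_policy(const char *chain,
			     struct ip6t_counters *counters,
			     struct ip6tc_handle *handle);

/* The functions below return non-zero (TRUE) on success, or 0 on failure
   with errno set.  If errno == 0 after a failure, it means there was a
   version error (ie. upgrade libiptc).  Always check the return value:
   an ignored failure leaves the rule set different from what the caller
   intended. */
/* Rule numbers start at 1 for the first rule. */

/* Insert the entry `e' in chain `chain' into position `rulenum'. */
int ip6tc_insert_entry(const ip6t_chainlabel chain,
		       const struct ip6t_entry *e,
		       unsigned int rulenum,
		       struct ip6tc_handle *handle);

/* Atomically replace rule `rulenum' in `chain' with `e'. */
int ip6tc_replace_entry(const ip6t_chainlabel chain,
			const struct ip6t_entry *e,
			unsigned int rulenum,
			struct ip6tc_handle *handle);

/* Append entry `e' to chain `chain'.  Equivalent to insert with
   rulenum = length of chain. */
int ip6tc_append_entry(const ip6t_chainlabel chain,
		       const struct ip6t_entry *e,
		       struct ip6tc_handle *handle);

/* Check whether a rule matching `origfw' exists in `chain'.
 * NOTE(review): the required size and layout of `matchmask' are not
 * described in this header -- confirm against the implementation before
 * sizing the buffer. */
int ip6tc_check_entry(const ip6t_chainlabel chain,
		      const struct ip6t_entry *origfw,
		      unsigned char *matchmask,
		      struct ip6tc_handle *handle);

/* Delete the first rule in `chain' which matches `origfw'.
 * The same `matchmask' caveat as for ip6tc_check_entry() applies. */
int ip6tc_delete_entry(const ip6t_chainlabel chain,
		       const struct ip6t_entry *origfw,
		       unsigned char *matchmask,
		       struct ip6tc_handle *handle);

/* Delete the rule in position `rulenum' in `chain'. */
int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
			   unsigned int rulenum,
			   struct ip6tc_handle *handle);

/* Check the packet `e' on chain `chain'.  Returns the verdict, or
   NULL and sets errno. */
const char *ip6tc_check_packet(const ip6t_chainlabel chain,
			       struct ip6t_entry *e,
			       struct ip6tc_handle *handle);

/* Flushes the entries in the given chain (ie. empties chain). */
int ip6tc_flush_entries(const ip6t_chainlabel chain,
			struct ip6tc_handle *handle);

/* Zeroes the counters in a chain. */
int ip6tc_zero_entries(const ip6t_chainlabel chain,
		       struct ip6tc_handle *handle);

/* Creates a new chain. */
int ip6tc_create_chain(const ip6t_chainlabel chain,
		       struct ip6tc_handle *handle);

/* Deletes a chain. */
int ip6tc_delete_chain(const ip6t_chainlabel chain,
		       struct ip6tc_handle *handle);

/* Renames a chain. */
int ip6tc_rename_chain(const ip6t_chainlabel oldname,
		       const ip6t_chainlabel newname,
		       struct ip6tc_handle *handle);

/* Sets the policy on a built-in chain. */
int ip6tc_set_policy(const ip6t_chainlabel chain,
		     const ip6t_chainlabel policy,
		     struct ip6t_counters *counters,
		     struct ip6tc_handle *handle);

/* Get the number of references to this chain; the count is stored
 * through `ref'. */
int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
			 struct ip6tc_handle *handle);

/* Read packet and byte counters for a specific rule.
 * NOTE(review): unlike the int-returning functions, failure is presumably
 * signalled by a NULL return -- check before dereferencing. */
struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
					 unsigned int rulenum,
					 struct ip6tc_handle *handle);

/* Zero packet and byte counters for a specific rule. */
int ip6tc_zero_counter(const ip6t_chainlabel chain,
		       unsigned int rulenum,
		       struct ip6tc_handle *handle);

/* Set packet and byte counters for a specific rule. */
int ip6tc_set_counter(const ip6t_chainlabel chain,
		      unsigned int rulenum,
		      struct ip6t_counters *counters,
		      struct ip6tc_handle *handle);

/* Makes the actual changes.
 * NOTE(review): read together with ip6tc_init() ("take a snapshot"), the
 * edits above presumably stay local to `handle' until this call succeeds;
 * a caller that skips it or ignores a 0 return should not assume the
 * intended rules are in force. */
int ip6tc_commit(struct ip6tc_handle *handle);

/* Get raw socket.
 * NOTE(review): who owns and closes the returned descriptor is not stated
 * here; avoid leaking it into child processes until that is confirmed. */
int ip6tc_get_raw_socket(void);

/* Translates errno numbers into more human-readable form than strerror. */
const char *ip6tc_strerror(int err);

/* Return prefix length, or -1 if not contiguous.  Callers that turn a
 * user-supplied netmask into a prefix must handle the -1 case rather than
 * use it as a length. */
int ipv6_prefix_length(const struct in6_addr *a);

/* Debug helper; its output is not described in this header. */
extern void dump_entries6(struct ip6tc_handle *const);

#ifdef __cplusplus
}
#endif

#endif /* _LIBIP6TC_H */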