15208806f2708f761e97e62550561e3164b541770Yasuyuki KOZAKAI#ifndef _XTABLES_H 25208806f2708f761e97e62550561e3164b541770Yasuyuki KOZAKAI#define _XTABLES_H 35208806f2708f761e97e62550561e3164b541770Yasuyuki KOZAKAI 4dacafa55379fd98212031d8c559096c91d7ce93bJan Engelhardt/* 5dacafa55379fd98212031d8c559096c91d7ce93bJan Engelhardt * Changing any structs/functions may incur a needed change 6dacafa55379fd98212031d8c559096c91d7ce93bJan Engelhardt * in libxtables_vcurrent/vage too. 7dacafa55379fd98212031d8c559096c91d7ce93bJan Engelhardt */ 8dacafa55379fd98212031d8c559096c91d7ce93bJan Engelhardt 9ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardt#include <sys/socket.h> /* PF_* */ 100d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI#include <sys/types.h> 1171886fbb48ef50e212c43f5d7dffbab86f9ae31cStephen Hemminger#include <limits.h> 12ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardt#include <stdbool.h> 13aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt#include <stddef.h> 14aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt#include <stdint.h> 1503d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt#include <netinet/in.h> 16ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardt#include <net/if.h> 175e9eaed23d0cf1cfdd49c88e68beb43e611f0191Jan Engelhardt#include <linux/types.h> 1803d99486d8283552705b58dc55b6085dffc38792Jan Engelhardt#include <linux/netfilter.h> 190d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI#include <linux/netfilter/x_tables.h> 200d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 215cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#ifndef IPPROTO_SCTP 225cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#define IPPROTO_SCTP 132 235cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#endif 245cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#ifndef IPPROTO_DCCP 255cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#define IPPROTO_DCCP 33 265cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#endif 271de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt#ifndef IPPROTO_MH 281de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt# define IPPROTO_MH 135 291de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt#endif 305cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#ifndef IPPROTO_UDPLITE 315cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#define IPPROTO_UDPLITE 136 325cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI#endif 335cd1ff53a500256997519ec1d871750773c44803Yasuyuki KOZAKAI 34df60a301bf24c3b3e37188d9da155b97fd6dc076Jan Engelhardt#include <xtables-version.h> 35493c712d61c35a6d8db877b208d34c111337a918Jan Engelhardt 36ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardtstruct in_addr; 37ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardt 38aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt/* 39aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * .size is here so that there is a somewhat reasonable check 40aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * against the chosen .type. 41aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt */ 42aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt#define XTOPT_POINTER(stype, member) \ 43aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt .ptroff = offsetof(stype, member), \ 44aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt .size = sizeof(((stype *)NULL)->member) 45aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt#define XTOPT_TABLEEND {.name = NULL} 46aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 47aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt/** 48d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * Select the format the input has to conform to, as well as the target type 49d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * (area pointed to with XTOPT_POINTER). Note that the storing is not always 50d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * uniform. @cb->val will be populated with as much as there is space, i.e. 51d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * exactly 2 items for ranges, but the target area can receive more values 52d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * (e.g. in case of ranges), or less values (e.g. %XTTYPE_HOSTMASK). 53d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * 54aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * %XTTYPE_NONE: option takes no argument 55a93142d5f55db74ebd7d49be9bd88f7a499ded40Jan Engelhardt * %XTTYPE_UINT*: standard integer 5604bb988275ac76815a15788a7fc75ac78f3bb833Jan Engelhardt * %XTTYPE_UINT*RC: colon-separated range of standard integers 57f012b3c9190cd95ac170072f759a97575613ea07Jan Engelhardt * %XTTYPE_DOUBLE: double-precision floating point number 584a0a17620017c1f45946b2cde7139ef18ea3d93cJan Engelhardt * %XTTYPE_STRING: arbitrary string 5961cc52b6f9edfa3efb1d0c9ea9531abb42828ec2Jan Engelhardt * %XTTYPE_TOSMASK: 8-bit TOS value with optional mask 60d25e217578492d17f7752bf77cfab5f2c2509795Jan Engelhardt * %XTTYPE_MARKMASK32: 32-bit mark with optional mask 6141a4cea0f4109fb76762dca073c3c1217658ee06Jan Engelhardt * %XTTYPE_SYSLOGLEVEL: syslog level by name or number 62d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * %XTTYPE_HOST: one host or address (ptr: union nf_inet_addr) 6366266abd17adc9631f3769ef0b82968c0bac6f38Jan Engelhardt * %XTTYPE_HOSTMASK: one host or address, with an optional prefix length 6466266abd17adc9631f3769ef0b82968c0bac6f38Jan Engelhardt * (ptr: union nf_inet_addr; only host portion is stored) 65170cf49a630fd0d237818b537c01794dde00b07aJan Engelhardt * %XTTYPE_PROTOCOL: protocol number/name from /etc/protocols (ptr: uint8_t) 66c02c92d1fcaa1223caf9a5eef32bedcb78f1e714Jan Engelhardt * %XTTYPE_PORT: 16-bit port name or number (supports %XTOPT_NBO) 67c02c92d1fcaa1223caf9a5eef32bedcb78f1e714Jan Engelhardt * %XTTYPE_PORTRC: colon-separated port range (names acceptable), 68c02c92d1fcaa1223caf9a5eef32bedcb78f1e714Jan Engelhardt * (supports %XTOPT_NBO) 69fa9b759bacc0ad6a093892ef508811e7feb981b0Jan Engelhardt * %XTTYPE_PLEN: prefix length 70d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt * %XTTYPE_PLENMASK: prefix length (ptr: union nf_inet_addr) 71cb225e26856accf5661dcbc3cf34d7f77b2f0c36Jan Engelhardt * %XTTYPE_ETHERMAC: Ethernet MAC address in hex form 72aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt */ 73aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtenum xt_option_type { 74aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt XTTYPE_NONE, 75dfe99f1bf291b4b954d3608dbe95a43e16a8bb49Jan Engelhardt XTTYPE_UINT8, 760eff54bd407aae6b99c3b189d356929e399b5a38Jan Engelhardt XTTYPE_UINT16, 77a93142d5f55db74ebd7d49be9bd88f7a499ded40Jan Engelhardt XTTYPE_UINT32, 788b5bdea659f1fb86b3288a2568ab104a90b914e5Jan Engelhardt XTTYPE_UINT64, 798bf513ada0aae0e4b1ac5160113fc532c2f525d0Jan Engelhardt XTTYPE_UINT8RC, 80564eaf48e14411803a353206eefbb89d525c63ffJan Engelhardt XTTYPE_UINT16RC, 8104bb988275ac76815a15788a7fc75ac78f3bb833Jan Engelhardt XTTYPE_UINT32RC, 82bc438c4cbdab09fafbbceecddd54e44e4234a4a1Jan Engelhardt XTTYPE_UINT64RC, 83f012b3c9190cd95ac170072f759a97575613ea07Jan Engelhardt XTTYPE_DOUBLE, 844a0a17620017c1f45946b2cde7139ef18ea3d93cJan Engelhardt XTTYPE_STRING, 8561cc52b6f9edfa3efb1d0c9ea9531abb42828ec2Jan Engelhardt XTTYPE_TOSMASK, 86d25e217578492d17f7752bf77cfab5f2c2509795Jan Engelhardt XTTYPE_MARKMASK32, 8741a4cea0f4109fb76762dca073c3c1217658ee06Jan Engelhardt XTTYPE_SYSLOGLEVEL, 88d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt XTTYPE_HOST, 8966266abd17adc9631f3769ef0b82968c0bac6f38Jan Engelhardt XTTYPE_HOSTMASK, 90170cf49a630fd0d237818b537c01794dde00b07aJan Engelhardt XTTYPE_PROTOCOL, 91b8592fa3352018646b0befaa48f930f75c5b7d92Jan Engelhardt XTTYPE_PORT, 92f30231a02e145020fb47524f9a0daeb498a4f7d0Jan Engelhardt XTTYPE_PORTRC, 93fa9b759bacc0ad6a093892ef508811e7feb981b0Jan Engelhardt XTTYPE_PLEN, 94e8b42fee7eaa1ba6df203fe0bc4496cae226cbd2Jan Engelhardt XTTYPE_PLENMASK, 95cb225e26856accf5661dcbc3cf34d7f77b2f0c36Jan Engelhardt XTTYPE_ETHERMAC, 96aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt}; 97aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 98aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt/** 99aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * %XTOPT_INVERT: option is invertible (usable with !) 100aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * %XTOPT_MAND: option is mandatory 101aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * %XTOPT_MULTI: option may be specified multiple times 102aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * %XTOPT_PUT: store value into memory at @ptroff 103c02c92d1fcaa1223caf9a5eef32bedcb78f1e714Jan Engelhardt * %XTOPT_NBO: store value in network-byte order 104c02c92d1fcaa1223caf9a5eef32bedcb78f1e714Jan Engelhardt * (only certain XTTYPEs recognize this) 105aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt */ 106aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtenum xt_option_flags { 107aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt XTOPT_INVERT = 1 << 0, 108aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt XTOPT_MAND = 1 << 1, 109aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt XTOPT_MULTI = 1 << 2, 110aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt XTOPT_PUT = 1 << 3, 111c02c92d1fcaa1223caf9a5eef32bedcb78f1e714Jan Engelhardt XTOPT_NBO = 1 << 4, 112aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt}; 113aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 114aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt/** 115aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @name: name of option 116aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @type: type of input and validation method, see %XTTYPE_* 117aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @id: unique number (within extension) for option, 0-31 118aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @excl: bitmask of flags that cannot be used with this option 119aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @also: bitmask of flags that must be used with this option 120aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @flags: bitmask of option flags, see %XTOPT_* 121aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @ptroff: offset into private structure for member 122aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @size: size of the item pointed to by @ptroff; this is a safeguard 123d78254d7f9d18ef76377a3013302430cce8ea702Jan Engelhardt * @min: lowest allowed value (for singular integral types) 124d78254d7f9d18ef76377a3013302430cce8ea702Jan Engelhardt * @max: highest allowed value (for singular integral types) 125aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt */ 126aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtstruct xt_option_entry { 127aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const char *name; 128aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt enum xt_option_type type; 129aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt unsigned int id, excl, also, flags; 130aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt unsigned int ptroff; 131aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt size_t size; 132d78254d7f9d18ef76377a3013302430cce8ea702Jan Engelhardt unsigned int min, max; 133aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt}; 134aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 135aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt/** 136aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @arg: input from command line 137aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @ext_name: name of extension currently being processed 138aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @entry: current option being processed 1392dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt * @data: per-extension kernel data block 140aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @xflags: options of the extension that have been used 141aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @invert: whether option was used with ! 14204bb988275ac76815a15788a7fc75ac78f3bb833Jan Engelhardt * @nvals: number of results in uXX_multi 143aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt * @val: parsed result 1442dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt * @udata: per-extension private scratch area 1452dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt * (cf. xtables_{match,target}->udata_size) 146aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt */ 147aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtstruct xt_option_call { 148aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const char *arg, *ext_name; 149aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const struct xt_option_entry *entry; 150aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt void *data; 151aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt unsigned int xflags; 152aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt bool invert; 15304bb988275ac76815a15788a7fc75ac78f3bb833Jan Engelhardt uint8_t nvals; 154aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt union { 155170cf49a630fd0d237818b537c01794dde00b07aJan Engelhardt uint8_t u8, u8_range[2], syslog_level, protocol; 156f30231a02e145020fb47524f9a0daeb498a4f7d0Jan Engelhardt uint16_t u16, u16_range[2], port, port_range[2]; 15704bb988275ac76815a15788a7fc75ac78f3bb833Jan Engelhardt uint32_t u32, u32_range[2]; 158bc438c4cbdab09fafbbceecddd54e44e4234a4a1Jan Engelhardt uint64_t u64, u64_range[2]; 159f012b3c9190cd95ac170072f759a97575613ea07Jan Engelhardt double dbl; 160d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt struct { 161d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt union nf_inet_addr haddr, hmask; 162d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt uint8_t hlen; 163d7282413763b0ba85d512c1cd49174b762ff449cJan Engelhardt }; 164d25e217578492d17f7752bf77cfab5f2c2509795Jan Engelhardt struct { 16561cc52b6f9edfa3efb1d0c9ea9531abb42828ec2Jan Engelhardt uint8_t tos_value, tos_mask; 16661cc52b6f9edfa3efb1d0c9ea9531abb42828ec2Jan Engelhardt }; 16761cc52b6f9edfa3efb1d0c9ea9531abb42828ec2Jan Engelhardt struct { 168d25e217578492d17f7752bf77cfab5f2c2509795Jan Engelhardt uint32_t mark, mask; 169d25e217578492d17f7752bf77cfab5f2c2509795Jan Engelhardt }; 170cb225e26856accf5661dcbc3cf34d7f77b2f0c36Jan Engelhardt uint8_t ethermac[6]; 171aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt } val; 17287a34d7aef2cba833f4f36536575dee304bbece5Jan Engelhardt /* Wished for a world where the ones below were gone: */ 17333d180871bea281a448efd0c1a49517318162382Jan Engelhardt union { 17433d180871bea281a448efd0c1a49517318162382Jan Engelhardt struct xt_entry_match **match; 17533d180871bea281a448efd0c1a49517318162382Jan Engelhardt struct xt_entry_target **target; 17633d180871bea281a448efd0c1a49517318162382Jan Engelhardt }; 17787a34d7aef2cba833f4f36536575dee304bbece5Jan Engelhardt void *xt_entry; 1782dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt void *udata; 179aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt}; 180aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 1813af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt/** 1823af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt * @ext_name: name of extension currently being processed 1832dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt * @data: per-extension (kernel) data block 1842dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt * @udata: per-extension private scratch area 1852dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt * (cf. xtables_{match,target}->udata_size) 1863af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt * @xflags: options of the extension that have been used 1873af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt */ 1883af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardtstruct xt_fcheck_call { 1893af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt const char *ext_name; 1902dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt void *data, *udata; 1913af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt unsigned int xflags; 1923af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt}; 1933af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt 1942e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt/** 1952e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt * A "linear"/linked-list based name<->id map, for files similar to 1962e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt * /etc/iproute2/. 1972e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt */ 1982e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardtstruct xtables_lmap { 1992e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt char *name; 2002e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt int id; 2012e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt struct xtables_lmap *next; 2022e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt}; 2032e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt 204efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsikenum xtables_ext_flags { 205efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik XTABLES_EXT_ALIAS = 1 << 0, 206efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik}; 207efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik 2080d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI/* Include file for additions: new matches and targets. */ 2090d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAIstruct xtables_match 2100d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI{ 211c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt /* 212c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt * ABI/API version this module requires. Must be first member, 213c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt * as the rest of this struct may be subject to ABI changes. 214c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt */ 215c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt const char *version; 216c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt 2170d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI struct xtables_match *next; 2180d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 219ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardt const char *name; 220c436dad7cfdd80ca4a05ceed556c39babc266f55Jan Engelhardt const char *real_name; 2210d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2220d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Revision of match (0 by default). */ 2230d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI u_int8_t revision; 2240d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 225efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik /* Extension flags */ 226efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik u_int8_t ext_flags; 227efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik 2280d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI u_int16_t family; 2290d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2300d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Size of match data. */ 2310d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI size_t size; 2320d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2330d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Size of match data relevent for userspace comparison purposes */ 2340d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI size_t userspacesize; 2350d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2360d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Function which prints out usage message. */ 2370d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*help)(void); 2380d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2390d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Initialize the match. */ 240ea146a982e26c42f9954f140276f8deeb2edbe98Peter Riley void (*init)(struct xt_entry_match *m); 2410d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2420d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Function which parses command options; returns true if it 2430d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI ate an option */ 2440d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* entry is struct ipt_entry for example */ 2450d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI int (*parse)(int c, char **argv, int invert, unsigned int *flags, 2460d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI const void *entry, 2470d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI struct xt_entry_match **match); 2480d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2490d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Final check; exit if not ok. */ 2500d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*final_check)(unsigned int flags); 2510d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2520d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Prints out the match iff non-NULL: put space at end */ 2530d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* ip is struct ipt_ip * for example */ 2540d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*print)(const void *ip, 2550d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI const struct xt_entry_match *match, int numeric); 2560d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2570d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Saves the match info in parsable form to stdout. */ 2580d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* ip is struct ipt_ip * for example */ 2590d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*save)(const void *ip, const struct xt_entry_match *match); 2600d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 261efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik /* Print match name or alias */ 262efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik const char *(*alias)(const struct xt_entry_match *match); 263efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik 2640d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Pointer to list of extra command-line options */ 2650d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI const struct option *extra_opts; 2660d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 267aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt /* New parser */ 268aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt void (*x6_parse)(struct xt_option_call *); 2693af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt void (*x6_fcheck)(struct xt_fcheck_call *); 270aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const struct xt_option_entry *x6_options; 271aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 2722dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt /* Size of per-extension instance extra "global" scratch space */ 2732dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt size_t udata_size; 2742dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt 2750d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Ignore these men behind the curtain: */ 2762dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt void *udata; 2770d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int option_offset; 2780d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI struct xt_entry_match *m; 2790d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int mflags; 2800d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int loaded; /* simulate loading so options are merged properly */ 2810d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI}; 2820d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 2830d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAIstruct xtables_target 2840d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI{ 285c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt /* 286c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt * ABI/API version this module requires. Must be first member, 287c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt * as the rest of this struct may be subject to ABI changes. 288c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt */ 289c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt const char *version; 290c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt 2910d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI struct xtables_target *next; 2920d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 293c4edfa63eda06f02cc5bc1a65d366c55bd2eda30Jan Engelhardt 294ef18e8147903885708d1c264904129af4fb636d6Jan Engelhardt const char *name; 2950d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 296cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adfJan Engelhardt /* Real target behind this, if any. */ 297cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adfJan Engelhardt const char *real_name; 298cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adfJan Engelhardt 2990d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Revision of target (0 by default). */ 3000d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI u_int8_t revision; 3010d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 302efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik /* Extension flags */ 303efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik u_int8_t ext_flags; 304efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik 3050d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI u_int16_t family; 3060d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3070d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3080d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Size of target data. */ 3090d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI size_t size; 3100d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3110d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Size of target data relevent for userspace comparison purposes */ 3120d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI size_t userspacesize; 3130d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3140d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Function which prints out usage message. */ 3150d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*help)(void); 3160d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3170d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Initialize the target. */ 318ea146a982e26c42f9954f140276f8deeb2edbe98Peter Riley void (*init)(struct xt_entry_target *t); 3190d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3200d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Function which parses command options; returns true if it 3210d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI ate an option */ 3220d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* entry is struct ipt_entry for example */ 3230d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI int (*parse)(int c, char **argv, int invert, unsigned int *flags, 3240d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI const void *entry, 3250d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI struct xt_entry_target **targetinfo); 3260d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3270d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Final check; exit if not ok. */ 3280d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*final_check)(unsigned int flags); 3290d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3300d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Prints out the target iff non-NULL: put space at end */ 3310d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*print)(const void *ip, 3320d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI const struct xt_entry_target *target, int numeric); 3330d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3340d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Saves the targinfo in parsable form to stdout. */ 3350d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI void (*save)(const void *ip, 3360d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI const struct xt_entry_target *target); 3370d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 338efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik /* Print target name or alias */ 339efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik const char *(*alias)(const struct xt_entry_target *target); 340efcdba41ca6bde51c8753cb30c869c370f0a3b93Jozsef Kadlecsik 3410d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Pointer to list of extra command-line options */ 3423365332f89bd0fa65cea60a38e46a20346ba9964Jan Engelhardt const struct option *extra_opts; 3430d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 344aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt /* New parser */ 345aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt void (*x6_parse)(struct xt_option_call *); 3463af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardt void (*x6_fcheck)(struct xt_fcheck_call *); 347aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const struct xt_option_entry *x6_options; 348aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 3492dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt size_t udata_size; 3502dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt 3510d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI /* Ignore these men behind the curtain: */ 3522dba676b68ef842025f3afecba26cb0b2ae4c09bJan Engelhardt void *udata; 3530d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int option_offset; 3540d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI struct xt_entry_target *t; 3550d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int tflags; 3560d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int used; 3570d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI unsigned int loaded; /* simulate loading so options are merged properly */ 3580d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI}; 3590d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 3602338efd8f799d8373dc196c797bda9690283b698Jan Engelhardtstruct xtables_rule_match { 3612338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt struct xtables_rule_match *next; 3622338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt struct xtables_match *match; 3632338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt /* Multiple matches of the same type: the ones before 3642338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt the current one are completed from parsing point of view */ 3652338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt bool completed; 3662338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt}; 3672338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt 3681de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt/** 3691de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt * struct xtables_pprot - 3701de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt * 3711de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt * A few hardcoded protocols for 'all' and in case the user has no 3721de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt * /etc/protocols. 3731de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt */ 3741de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardtstruct xtables_pprot { 3751de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt const char *name; 3761de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt u_int8_t num; 3771de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt}; 3781de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt 3792338efd8f799d8373dc196c797bda9690283b698Jan Engelhardtenum xtables_tryload { 3802338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_DONT_LOAD, 3812338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_DURING_LOAD, 3822338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_TRY_LOAD, 3832338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt XTF_LOAD_MUST_SUCCEED, 3842338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt}; 3852338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt 386a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardtenum xtables_exittype { 387a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt OTHER_PROBLEM = 1, 388a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt PARAMETER_PROBLEM, 389a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt VERSION_PROBLEM, 390a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt RESOURCE_PROBLEM, 391a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt XTF_ONLY_ONCE, 392a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt XTF_NO_INVERT, 393a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt XTF_BAD_VALUE, 394a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt XTF_ONE_ACTION, 395a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt}; 396a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardt 39740a8343d3ad0cdbc3a7e69c8d970ad75807c29edJamal Hadi Salimstruct xtables_globals 39840a8343d3ad0cdbc3a7e69c8d970ad75807c29edJamal Hadi Salim{ 39940a8343d3ad0cdbc3a7e69c8d970ad75807c29edJamal Hadi Salim unsigned int option_offset; 40041f03ba382dfd26e7db939fd02447058b1c56f7bJan Engelhardt const char *program_name, *program_version; 401139b3fe4bd5121501e60fe07963ea527d7f0bd36Jamal Hadi Salim struct option *orig_opts; 40240a8343d3ad0cdbc3a7e69c8d970ad75807c29edJamal Hadi Salim struct option *opts; 4038b7baebc93989106fd5d26b262d0ce191f8ef7c0Jamal Hadi Salim void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3))); 40440a8343d3ad0cdbc3a7e69c8d970ad75807c29edJamal Hadi Salim}; 40540a8343d3ad0cdbc3a7e69c8d970ad75807c29edJamal Hadi Salim 406104fb318d22231c9edf9d61ef84cc84386e52d6bJan Engelhardt#define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false} 40732b8e61e4e5bd405d9ad07bf9468498dfbb19f9eJan Engelhardt 408771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt#ifdef __cplusplus 409771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardtextern "C" { 410771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt#endif 411771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt 412c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardtextern const char *xtables_modprobe_program; 4132338efd8f799d8373dc196c797bda9690283b698Jan Engelhardtextern struct xtables_match *xtables_matches; 4142338efd8f799d8373dc196c797bda9690283b698Jan Engelhardtextern struct xtables_target *xtables_targets; 415c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardt 41639bf9c8214d3073a496a8a1eff91046a8d6fbbdfJan Engelhardtextern void xtables_init(void); 41777f48c2f1ef21fa43aa68c25a1457db319ca2526Jan Engelhardtextern void xtables_set_nfproto(uint8_t); 418630ef48037f3602333addfdb53789c9c6a4bb4c8Jan Engelhardtextern void *xtables_calloc(size_t, size_t); 419630ef48037f3602333addfdb53789c9c6a4bb4c8Jan Engelhardtextern void *xtables_malloc(size_t); 420332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzowextern void *xtables_realloc(void *, size_t); 421630ef48037f3602333addfdb53789c9c6a4bb4c8Jan Engelhardt 422c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardtextern int xtables_insmod(const char *, const char *, bool); 423c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardtextern int xtables_load_ko(const char *, bool); 4248b7baebc93989106fd5d26b262d0ce191f8ef7c0Jamal Hadi Salimextern int xtables_set_params(struct xtables_globals *xtp); 425139b3fe4bd5121501e60fe07963ea527d7f0bd36Jamal Hadi Salimextern void xtables_free_opts(int reset_offset); 426710a132ce9fbecedbf9447f2b2a134f2359a583cJan Engelhardtextern struct option *xtables_merge_options(struct option *origopts, 427710a132ce9fbecedbf9447f2b2a134f2359a583cJan Engelhardt struct option *oldopts, const struct option *newopts, 428710a132ce9fbecedbf9447f2b2a134f2359a583cJan Engelhardt unsigned int *option_offset); 429c021c3ce7b1583eb5dd71b10ac3d8ab3cd36beaaJan Engelhardt 4307e4db2f50133007f549f222468bde4f3adcf41acJamal Hadi Salimextern int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto); 4312338efd8f799d8373dc196c797bda9690283b698Jan Engelhardtextern struct xtables_match *xtables_find_match(const char *name, 4322338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt enum xtables_tryload, struct xtables_rule_match **match); 4332338efd8f799d8373dc196c797bda9690283b698Jan Engelhardtextern struct xtables_target *xtables_find_target(const char *name, 4342338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt enum xtables_tryload); 4352338efd8f799d8373dc196c797bda9690283b698Jan Engelhardt 436d1e7922a587a239e16e0dbe654e63f76e1375e49Pablo Neira Ayusoextern void xtables_rule_matches_free(struct xtables_rule_match **matches); 437d1e7922a587a239e16e0dbe654e63f76e1375e49Pablo Neira Ayuso 4380d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI/* Your shared library should call one of these. */ 4390d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAIextern void xtables_register_match(struct xtables_match *me); 4409a8fc4f89ef120d7beda3724994a1544346b947dJan Engelhardtextern void xtables_register_matches(struct xtables_match *, unsigned int); 4410d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAIextern void xtables_register_target(struct xtables_target *me); 4429a8fc4f89ef120d7beda3724994a1544346b947dJan Engelhardtextern void xtables_register_targets(struct xtables_target *, unsigned int); 4430d502bcdbc97ed359e84f6a21dfa0049b3b60a6cYasuyuki KOZAKAI 4440b7a140944738d67b9c4e6f09992c8407eefb18aJan Engelhardtextern bool xtables_strtoul(const char *, char **, uintmax_t *, 4450b7a140944738d67b9c4e6f09992c8407eefb18aJan Engelhardt uintmax_t, uintmax_t); 4465f2922cfc0bbfbeb878f5c12e9fb3eb602ae5507Jan Engelhardtextern bool xtables_strtoui(const char *, char **, unsigned int *, 447cd9e7aa106e80c44bd526af74b616701b0772d05Jan Engelhardt unsigned int, unsigned int); 448aae6be9edc99e58164a3592c510fe5488141c698Jan Engelhardtextern int xtables_service_to_port(const char *name, const char *proto); 449aae6be9edc99e58164a3592c510fe5488141c698Jan Engelhardtextern u_int16_t xtables_parse_port(const char *port, const char *proto); 45004f8c54dc52e19096d31d94593bd1040716afe4dYasuyuki KOZAKAIextern void 451aae6be9edc99e58164a3592c510fe5488141c698Jan Engelhardtxtables_parse_interface(const char *arg, char *vianame, unsigned char *mask); 45204f8c54dc52e19096d31d94593bd1040716afe4dYasuyuki KOZAKAI 453a3732db1280f790b8e26b41bdcbe8b5f92b7f51bYasuyuki KOZAKAI/* this is a special 64bit data type that is 8-byte aligned */ 454c329d6a7085e3123f3d5ca98a8e0ab37edca2dccPatrick McHardy#define aligned_u64 u_int64_t __attribute__((aligned(8))) 455a3732db1280f790b8e26b41bdcbe8b5f92b7f51bYasuyuki KOZAKAI 4568b7baebc93989106fd5d26b262d0ce191f8ef7c0Jamal Hadi Salimextern struct xtables_globals *xt_params; 4571829ed482efbc8b390cc760d012b3a4450494e1aJan Engelhardt#define xtables_error (xt_params->exit_err) 45870581922f873a88306dd5b1cb83c5081ee239eb8Jamal Hadi Salim 459a41545ca7cde43e0ba53260ba74bd9bf74025a68Jan Engelhardtextern void xtables_param_act(unsigned int, const char *, ...); 460a3732db1280f790b8e26b41bdcbe8b5f92b7f51bYasuyuki KOZAKAI 461e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardtextern const char *xtables_ipaddr_to_numeric(const struct in_addr *); 462e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardtextern const char *xtables_ipaddr_to_anyname(const struct in_addr *); 463e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardtextern const char *xtables_ipmask_to_numeric(const struct in_addr *); 4641e01b0b82f70b0b11dcfbced485dbe7aeac4fb8cJan Engelhardtextern struct in_addr *xtables_numeric_to_ipaddr(const char *); 4651e01b0b82f70b0b11dcfbced485dbe7aeac4fb8cJan Engelhardtextern struct in_addr *xtables_numeric_to_ipmask(const char *); 466a96166c24eaac1c91bed4815c09e91733409d888Pablo Neira Ayusoextern int xtables_ipmask_to_cidr(const struct in_addr *); 467a0baae85f8159f03d52535934aa9b3a375e0f1f3Jan Engelhardtextern void xtables_ipparse_any(const char *, struct in_addr **, 468bd9438420d92c41a5cf20a53b7a18d3ddea4216dJan Engelhardt struct in_addr *, unsigned int *); 469332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzowextern void xtables_ipparse_multiple(const char *, struct in_addr **, 470332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow struct in_addr **, unsigned int *); 47108b1616e068166e016b3ee7110db10ae5d853422Jan Engelhardt 4721e01b0b82f70b0b11dcfbced485dbe7aeac4fb8cJan Engelhardtextern struct in6_addr *xtables_numeric_to_ip6addr(const char *); 473e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardtextern const char *xtables_ip6addr_to_numeric(const struct in6_addr *); 474e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardtextern const char *xtables_ip6addr_to_anyname(const struct in6_addr *); 475e44ea7faa17c10c68f14f5338a7cc6e3291a0ce7Jan Engelhardtextern const char *xtables_ip6mask_to_numeric(const struct in6_addr *); 476a96166c24eaac1c91bed4815c09e91733409d888Pablo Neira Ayusoextern int xtables_ip6mask_to_cidr(const struct in6_addr *); 477a0baae85f8159f03d52535934aa9b3a375e0f1f3Jan Engelhardtextern void xtables_ip6parse_any(const char *, struct in6_addr **, 478bd9438420d92c41a5cf20a53b7a18d3ddea4216dJan Engelhardt struct in6_addr *, unsigned int *); 479332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzowextern void xtables_ip6parse_multiple(const char *, struct in6_addr **, 480332e4acc574e3a348fe611d55bf642de0d50fbdaMichael Granzow struct in6_addr **, unsigned int *); 48108b1616e068166e016b3ee7110db10ae5d853422Jan Engelhardt 482a5d099400fd6f9ad3880dda10f85d2aa36b5ec65Max Kellermann/** 483a5d099400fd6f9ad3880dda10f85d2aa36b5ec65Max Kellermann * Print the specified value to standard output, quoting dangerous 484a5d099400fd6f9ad3880dda10f85d2aa36b5ec65Max Kellermann * characters if required. 485a5d099400fd6f9ad3880dda10f85d2aa36b5ec65Max Kellermann */ 486a0baae85f8159f03d52535934aa9b3a375e0f1f3Jan Engelhardtextern void xtables_save_string(const char *value); 487a5d099400fd6f9ad3880dda10f85d2aa36b5ec65Max Kellermann 4882f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_NUMERIC 0x0001 4892f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_NOCOUNTS 0x0002 4902f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_KILOMEGAGIGA 0x0004 4912f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_OPTIONS 0x0008 4922f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_NOTABLE 0x0010 4932f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_NOTARGET 0x0020 4942f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_VIA 0x0040 4952f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_NONEWLINE 0x0080 4962f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_LINENUMBERS 0x0100 4972f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso 4982f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT_PRINT_RULE (FMT_NOCOUNTS | FMT_OPTIONS | FMT_VIA \ 4992f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso | FMT_NUMERIC | FMT_NOTABLE) 5002f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab)) 5012f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso 5022f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayusoextern void xtables_print_num(uint64_t number, unsigned int format); 5032f655ede64e07a861e3ec50150f572ed98755013Pablo Neira Ayuso 504b79ec69027fd8b65e7eccd78a445b6665e8ad53bJan Engelhardt#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS) 505f82070f9871d281c2802c1624dcf222886b5fb50Jan Engelhardt# ifdef _INIT 506f82070f9871d281c2802c1624dcf222886b5fb50Jan Engelhardt# undef _init 507f82070f9871d281c2802c1624dcf222886b5fb50Jan Engelhardt# define _init _INIT 508f82070f9871d281c2802c1624dcf222886b5fb50Jan Engelhardt# endif 5099a9694fbf1796a6a5011b60b2a15c01fa3c61368Maciej Żenczykowski extern void init_extensions(void); 5105e8f947becc00a79e78b2a6cf0e25fd674c57ec4Maciej Zenczykowski extern void init_extensions4(void); 51149d8c5d564cad70c5c1bef2d5571e8e494454210Maciej Zenczykowski extern void init_extensions6(void); 512f82070f9871d281c2802c1624dcf222886b5fb50Jan Engelhardt#else 513f82070f9871d281c2802c1624dcf222886b5fb50Jan Engelhardt# define _init __attribute__((constructor)) _INIT 514a3732db1280f790b8e26b41bdcbe8b5f92b7f51bYasuyuki KOZAKAI#endif 515a3732db1280f790b8e26b41bdcbe8b5f92b7f51bYasuyuki KOZAKAI 5161de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardtextern const struct xtables_pprot xtables_chain_protos[]; 5171de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardtextern u_int16_t xtables_parse_protocol(const char *s); 51833690a1aec0b6309ff90066ca56285b6e43013f2Jan Engelhardt 519f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardt/* kernel revision handling */ 520f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardtextern int kernel_version; 521f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardtextern void get_kernel_version(void); 522f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardt#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z) 523f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardt#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF) 524f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardt#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF) 525f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardt#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF) 526f56b8a8bf4b1041cb875fd8439778f35276bdb30Jan Engelhardt 527aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt/* xtoptions.c */ 528aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtextern void xtables_option_metavalidate(const char *, 529aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const struct xt_option_entry *); 530aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtextern struct option *xtables_options_xfrm(struct option *, struct option *, 531aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const struct xt_option_entry *, 532aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt unsigned int *); 533aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtextern void xtables_option_parse(struct xt_option_call *); 534aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtextern void xtables_option_tpcall(unsigned int, char **, bool, 535aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt struct xtables_target *, void *); 536aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtextern void xtables_option_mpcall(unsigned int, char **, bool, 537aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt struct xtables_match *, void *); 5383af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardtextern void xtables_option_tfcall(struct xtables_target *); 5393af739b0e7c3b6dcc986645c57c982d0add5006bJan Engelhardtextern void xtables_option_mfcall(struct xtables_match *); 540aa37acc1423126f555135935c687eb91995b9440Jan Engelhardtextern void xtables_options_fcheck(const char *, unsigned int, 541aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt const struct xt_option_entry *); 542aa37acc1423126f555135935c687eb91995b9440Jan Engelhardt 5432e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardtextern struct xtables_lmap *xtables_lmap_init(const char *); 5442e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardtextern void xtables_lmap_free(struct xtables_lmap *); 5452e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardtextern int xtables_lmap_name2id(const struct xtables_lmap *, const char *); 5462e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardtextern const char *xtables_lmap_id2name(const struct xtables_lmap *, int); 5472e0ec4fa0fb5162c441cd666f55fe76777e40d5eJan Engelhardt 54833690a1aec0b6309ff90066ca56285b6e43013f2Jan Engelhardt#ifdef XTABLES_INTERNAL 549c02e80878979d2205f3d89d05548397871e598e9Jan Engelhardt 550c02e80878979d2205f3d89d05548397871e598e9Jan Engelhardt/* Shipped modules rely on this... */ 551c02e80878979d2205f3d89d05548397871e598e9Jan Engelhardt 5521de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt# ifndef ARRAY_SIZE 5531de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x))) 5541de7edffc9085c0f41c261dca995e28ae4126c29Jan Engelhardt# endif 555c02e80878979d2205f3d89d05548397871e598e9Jan Engelhardt 556c02e80878979d2205f3d89d05548397871e598e9Jan Engelhardtextern void _init(void); 557c02e80878979d2205f3d89d05548397871e598e9Jan Engelhardt 55833690a1aec0b6309ff90066ca56285b6e43013f2Jan Engelhardt#endif 55933690a1aec0b6309ff90066ca56285b6e43013f2Jan Engelhardt 560771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt#ifdef __cplusplus 561771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt} /* extern "C" */ 562771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt#endif 563771871e1d9c39310cb6e2c595270d2e651309e6dJan Engelhardt 5645208806f2708f761e97e62550561e3164b541770Yasuyuki KOZAKAI#endif /* _XTABLES_H */ 565