xtables.h revision 04f8c54dc52e19096d31d94593bd1040716afe4d 
1#ifndef _XTABLES_H
2#define _XTABLES_H
3
4#include <sys/types.h>
5#include <linux/netfilter/x_tables.h>
6#include <libiptc/libxtc.h>
7
8/* protocol family dependent informations */
9struct afinfo {
10	/* protocol family */
11	int family;
12
13	/* prefix of library name (ex "libipt_" */
14	char *libprefix;
15
16	/* used by setsockopt (ex IPPROTO_IP */
17	int ipproto;
18
19	/* kernel module (ex "ip_tables" */
20	char *kmod;
21
22	/* optname to check revision support of match */
23	int so_rev_match;
24
25	/* optname to check revision support of match */
26	int so_rev_target;
27};
28
29enum xt_tryload {
30	DONT_LOAD,
31	DURING_LOAD,
32	TRY_LOAD,
33	LOAD_MUST_SUCCEED
34};
35
36struct xtables_rule_match
37{
38	struct xtables_rule_match *next;
39	struct xtables_match *match;
40	/* Multiple matches of the same type: the ones before
41	   the current one are completed from parsing point of view */
42	unsigned int completed;
43};
44
45/* Include file for additions: new matches and targets. */
46struct xtables_match
47{
48	struct xtables_match *next;
49
50	xt_chainlabel name;
51
52	/* Revision of match (0 by default). */
53	u_int8_t revision;
54
55	u_int16_t family;
56
57	const char *version;
58
59	/* Size of match data. */
60	size_t size;
61
62	/* Size of match data relevent for userspace comparison purposes */
63	size_t userspacesize;
64
65	/* Function which prints out usage message. */
66	void (*help)(void);
67
68	/* Initialize the match. */
69	void (*init)(struct xt_entry_match *m, unsigned int *nfcache);
70
71	/* Function which parses command options; returns true if it
72           ate an option */
73	/* entry is struct ipt_entry for example */
74	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
75		     const void *entry,
76		     unsigned int *nfcache,
77		     struct xt_entry_match **match);
78
79	/* Final check; exit if not ok. */
80	void (*final_check)(unsigned int flags);
81
82	/* Prints out the match iff non-NULL: put space at end */
83	/* ip is struct ipt_ip * for example */
84	void (*print)(const void *ip,
85		      const struct xt_entry_match *match, int numeric);
86
87	/* Saves the match info in parsable form to stdout. */
88	/* ip is struct ipt_ip * for example */
89	void (*save)(const void *ip, const struct xt_entry_match *match);
90
91	/* Pointer to list of extra command-line options */
92	const struct option *extra_opts;
93
94	/* Ignore these men behind the curtain: */
95	unsigned int option_offset;
96	struct xt_entry_match *m;
97	unsigned int mflags;
98#ifdef NO_SHARED_LIBS
99	unsigned int loaded; /* simulate loading so options are merged properly */
100#endif
101};
102
103struct xtables_target
104{
105	struct xtables_target *next;
106
107	xt_chainlabel name;
108
109	/* Revision of target (0 by default). */
110	u_int8_t revision;
111
112	u_int16_t family;
113
114	const char *version;
115
116	/* Size of target data. */
117	size_t size;
118
119	/* Size of target data relevent for userspace comparison purposes */
120	size_t userspacesize;
121
122	/* Function which prints out usage message. */
123	void (*help)(void);
124
125	/* Initialize the target. */
126	void (*init)(struct xt_entry_target *t, unsigned int *nfcache);
127
128	/* Function which parses command options; returns true if it
129           ate an option */
130	/* entry is struct ipt_entry for example */
131	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
132		     const void *entry,
133		     struct xt_entry_target **targetinfo);
134
135	/* Final check; exit if not ok. */
136	void (*final_check)(unsigned int flags);
137
138	/* Prints out the target iff non-NULL: put space at end */
139	void (*print)(const void *ip,
140		      const struct xt_entry_target *target, int numeric);
141
142	/* Saves the targinfo in parsable form to stdout. */
143	void (*save)(const void *ip,
144		     const struct xt_entry_target *target);
145
146	/* Pointer to list of extra command-line options */
147	struct option *extra_opts;
148
149	/* Ignore these men behind the curtain: */
150	unsigned int option_offset;
151	struct xt_entry_target *t;
152	unsigned int tflags;
153	unsigned int used;
154#ifdef NO_SHARED_LIBS
155	unsigned int loaded; /* simulate loading so options are merged properly */
156#endif
157};
158
159extern char *lib_dir;
160
161extern void *fw_calloc(size_t count, size_t size);
162extern void *fw_malloc(size_t size);
163
164extern const char *modprobe;
165extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
166extern int load_xtables_ko(const char *modprobe, int quiet);
167
168/* This is decleared in ip[6]tables.c */
169extern struct afinfo afinfo;
170
171/* Keeping track of external matches and targets: linked lists.  */
172extern struct xtables_match *xtables_matches;
173extern struct xtables_target *xtables_targets;
174
175/* Your shared library should call one of these. */
176extern void xtables_register_match(struct xtables_match *me);
177extern void xtables_register_target(struct xtables_target *me);
178
179extern struct xtables_match *find_match(const char *name, enum xt_tryload,
180					struct xtables_rule_match **match);
181extern struct xtables_target *find_target(const char *name, enum xt_tryload);
182
183extern int string_to_number_ll(const char *s,
184			       unsigned long long min,
185			       unsigned long long max,
186			       unsigned long long *ret);
187extern int string_to_number_l(const char *s,
188			      unsigned long min,
189			      unsigned long max,
190			      unsigned long *ret);
191extern int string_to_number(const char *s,
192			    unsigned int min,
193			    unsigned int max,
194			    unsigned int *ret);
195extern int service_to_port(const char *name, const char *proto);
196extern u_int16_t parse_port(const char *port, const char *proto);
197extern void
198parse_interface(const char *arg, char *vianame, unsigned char *mask);
199
200#endif /* _XTABLES_H */
201