xtables.h revision 493c712d61c35a6d8db877b208d34c111337a918 
1#ifndef _XTABLES_H
2#define _XTABLES_H
3
4#include <sys/types.h>
5#include <linux/types.h>
6#include <linux/netfilter/x_tables.h>
7#include <libiptc/libxtc.h>
8#include <stdbool.h>
9
10#ifndef IPPROTO_SCTP
11#define IPPROTO_SCTP 132
12#endif
13#ifndef IPPROTO_DCCP
14#define IPPROTO_DCCP 33
15#endif
16#ifndef IPPROTO_UDPLITE
17#define IPPROTO_UDPLITE	136
18#endif
19
20#define XTABLES_VERSION "@PACKAGE_VERSION@"
21
22/* Include file for additions: new matches and targets. */
23struct xtables_match
24{
25	struct xtables_match *next;
26
27	xt_chainlabel name;
28
29	/* Revision of match (0 by default). */
30	u_int8_t revision;
31
32	u_int16_t family;
33
34	const char *version;
35
36	/* Size of match data. */
37	size_t size;
38
39	/* Size of match data relevent for userspace comparison purposes */
40	size_t userspacesize;
41
42	/* Function which prints out usage message. */
43	void (*help)(void);
44
45	/* Initialize the match. */
46	void (*init)(struct xt_entry_match *m);
47
48	/* Function which parses command options; returns true if it
49           ate an option */
50	/* entry is struct ipt_entry for example */
51	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
52		     const void *entry,
53		     struct xt_entry_match **match);
54
55	/* Final check; exit if not ok. */
56	void (*final_check)(unsigned int flags);
57
58	/* Prints out the match iff non-NULL: put space at end */
59	/* ip is struct ipt_ip * for example */
60	void (*print)(const void *ip,
61		      const struct xt_entry_match *match, int numeric);
62
63	/* Saves the match info in parsable form to stdout. */
64	/* ip is struct ipt_ip * for example */
65	void (*save)(const void *ip, const struct xt_entry_match *match);
66
67	/* Pointer to list of extra command-line options */
68	const struct option *extra_opts;
69
70	/* Ignore these men behind the curtain: */
71	unsigned int option_offset;
72	struct xt_entry_match *m;
73	unsigned int mflags;
74#ifdef NO_SHARED_LIBS
75	unsigned int loaded; /* simulate loading so options are merged properly */
76#endif
77};
78
79struct xtables_target
80{
81	struct xtables_target *next;
82
83	xt_chainlabel name;
84
85	/* Revision of target (0 by default). */
86	u_int8_t revision;
87
88	u_int16_t family;
89
90	const char *version;
91
92	/* Size of target data. */
93	size_t size;
94
95	/* Size of target data relevent for userspace comparison purposes */
96	size_t userspacesize;
97
98	/* Function which prints out usage message. */
99	void (*help)(void);
100
101	/* Initialize the target. */
102	void (*init)(struct xt_entry_target *t);
103
104	/* Function which parses command options; returns true if it
105           ate an option */
106	/* entry is struct ipt_entry for example */
107	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
108		     const void *entry,
109		     struct xt_entry_target **targetinfo);
110
111	/* Final check; exit if not ok. */
112	void (*final_check)(unsigned int flags);
113
114	/* Prints out the target iff non-NULL: put space at end */
115	void (*print)(const void *ip,
116		      const struct xt_entry_target *target, int numeric);
117
118	/* Saves the targinfo in parsable form to stdout. */
119	void (*save)(const void *ip,
120		     const struct xt_entry_target *target);
121
122	/* Pointer to list of extra command-line options */
123	const struct option *extra_opts;
124
125	/* Ignore these men behind the curtain: */
126	unsigned int option_offset;
127	struct xt_entry_target *t;
128	unsigned int tflags;
129	unsigned int used;
130#ifdef NO_SHARED_LIBS
131	unsigned int loaded; /* simulate loading so options are merged properly */
132#endif
133};
134
135/* Your shared library should call one of these. */
136extern void xtables_register_match(struct xtables_match *me);
137extern void xtables_register_target(struct xtables_target *me);
138
139extern int string_to_number_ll(const char *s,
140			       unsigned long long min,
141			       unsigned long long max,
142			       unsigned long long *ret);
143extern int string_to_number_l(const char *s,
144			      unsigned long min,
145			      unsigned long max,
146			      unsigned long *ret);
147extern int string_to_number(const char *s,
148			    unsigned int min,
149			    unsigned int max,
150			    unsigned int *ret);
151extern bool strtonuml(const char *, char **, unsigned long *,
152	unsigned long, unsigned long);
153extern bool strtonum(const char *, char **, unsigned int *,
154	unsigned int, unsigned int);
155extern int service_to_port(const char *name, const char *proto);
156extern u_int16_t parse_port(const char *port, const char *proto);
157extern void
158parse_interface(const char *arg, char *vianame, unsigned char *mask);
159
160enum exittype {
161	OTHER_PROBLEM = 1,
162	PARAMETER_PROBLEM,
163	VERSION_PROBLEM,
164	RESOURCE_PROBLEM,
165	P_ONLY_ONCE,
166	P_NO_INVERT,
167	P_BAD_VALUE,
168	P_ONE_ACTION,
169};
170
171/* this is a special 64bit data type that is 8-byte aligned */
172#define aligned_u64 u_int64_t __attribute__((aligned(8)))
173
174int check_inverse(const char option[], int *invert, int *my_optind, int argc);
175void exit_error(enum exittype, const char *, ...)__attribute__((noreturn,
176							  format(printf,2,3)));
177extern void param_act(unsigned int, const char *, ...);
178extern const char *program_name, *program_version;
179
180extern const char *ipaddr_to_numeric(const struct in_addr *);
181extern const char *ipaddr_to_anyname(const struct in_addr *);
182extern const char *ipmask_to_numeric(const struct in_addr *);
183extern struct in_addr *numeric_to_ipaddr(const char *);
184extern struct in_addr *numeric_to_ipmask(const char *);
185extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
186	struct in_addr *, unsigned int *);
187
188extern struct in6_addr *numeric_to_ip6addr(const char *);
189extern const char *ip6addr_to_numeric(const struct in6_addr *);
190extern const char *ip6addr_to_anyname(const struct in6_addr *);
191extern const char *ip6mask_to_numeric(const struct in6_addr *);
192extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **,
193	struct in6_addr *, unsigned int *);
194
195/**
196 * Print the specified value to standard output, quoting dangerous
197 * characters if required.
198 */
199extern void save_string(const char *value);
200
201#ifdef NO_SHARED_LIBS
202#	ifdef _INIT
203#		undef _init
204#		define _init _INIT
205#	endif
206	extern void init_extensions(void);
207#else
208#	define _init __attribute__((constructor)) _INIT
209#endif
210
211/* Present in both iptables.c and ip6tables.c */
212extern u_int16_t parse_protocol(const char *s);
213
214#ifdef XTABLES_INTERNAL
215#	include <xtables/internal.h>
216#endif
217
218#endif /* _XTABLES_H */
219