xtables.h revision 5cd1ff53a500256997519ec1d871750773c44803
#ifndef _XTABLES_H
#define _XTABLES_H

#include <sys/types.h>
#include <linux/netfilter/x_tables.h>
#include <libiptc/libxtc.h>

/*
 * Default directory for match/target extension libraries.  Only the
 * default is fixed here; the runtime value is the global lib_dir declared
 * below (presumably overridable by the build or the caller -- confirm in
 * the loader), so whatever sets lib_dir decides which shared objects get
 * loaded into the process.
 */
#ifndef XT_LIB_DIR
#define XT_LIB_DIR "/usr/local/lib/iptables"
#endif

/* IANA protocol numbers, supplied in case the system headers lack them. */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
#ifndef IPPROTO_UDPLITE
#define IPPROTO_UDPLITE 136
#endif

/*
 * Protocol-family-dependent information.  One instance (the global
 * `afinfo`, defined in ip[6]tables.c) describes the family the current
 * program operates on.
 */
struct afinfo {
	/* protocol family (e.g. AF_INET) */
	int family;

	/* prefix of the extension library name (e.g. "libipt_") */
	char *libprefix;

	/* protocol level used by setsockopt (e.g. IPPROTO_IP) */
	int ipproto;

	/* kernel module to load for this family (e.g. "ip_tables") */
	char *kmod;

	/* optname to check revision support of a match */
	int so_rev_match;

	/* optname to check revision support of a target */
	int so_rev_target;
};

/*
 * Policy passed to find_match()/find_target() saying whether, and how
 * insistently, a not-yet-registered extension should be loaded.  The
 * exact behaviour of each value is defined by those functions.
 */
enum xt_tryload {
	DONT_LOAD,
	DURING_LOAD,
	TRY_LOAD,
	LOAD_MUST_SUCCEED
};

/*
 * One node of the per-rule list of matches being built while a command
 * line is parsed (passed to find_match() via `match`).
 */
struct xtables_rule_match
{
	struct xtables_rule_match *next;
	struct xtables_match *match;
	/* Multiple matches of the same type: the ones before
	   the current one are completed from parsing point of view */
	unsigned int completed;
};

/*
 * Descriptor of a match extension.  A shared library fills one of these
 * in and hands it to xtables_register_match(); the core links it into
 * the global `xtables_matches` list.
 */
struct xtables_match
{
	struct xtables_match *next;

	xt_chainlabel name;

	/* Revision of match (0 by default). */
	u_int8_t revision;

	u_int16_t family;

	const char *version;

	/* Size of match data. */
	size_t size;

	/* Size of match data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match. */
	void (*init)(struct xt_entry_match *m, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option.  `flags` accumulates which options were seen so
	   that final_check() can validate the combination. */
	/* entry is struct ipt_entry for example */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const void *entry,
		     unsigned int *nfcache,
		     struct xt_entry_match **match);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end */
	/* ip is struct ipt_ip * for example */
	void (*print)(const void *ip,
		      const struct xt_entry_match *match, int numeric);

	/* Saves the match info in parsable form to stdout. */
	/* ip is struct ipt_ip * for example */
	void (*save)(const void *ip, const struct xt_entry_match *match);

	/* Pointer to list of extra command-line options (getopt_long style) */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	unsigned int option_offset;
	struct xt_entry_match *m;
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/*
 * Descriptor of a target extension; the counterpart of struct
 * xtables_match, registered with xtables_register_target() and kept in
 * the global `xtables_targets` list.
 */
struct xtables_target
{
	struct xtables_target *next;

	xt_chainlabel name;

	/* Revision of target (0 by default). */
	u_int8_t revision;

	u_int16_t family;

	const char *version;

	/* Size of target data. */
	size_t size;

	/* Size of target data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target. */
	void (*init)(struct xt_entry_target *t, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option */
	/* entry is struct ipt_entry for example */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const void *entry,
		     struct xt_entry_target **targetinfo);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end */
	void (*print)(const void *ip,
		      const struct xt_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout. */
	void (*save)(const void *ip,
		     const struct xt_entry_target *target);

	/* Pointer to list of extra command-line options.
	   NOTE(review): not const-qualified here, unlike
	   xtables_match::extra_opts. */
	struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	unsigned int option_offset;
	struct xt_entry_target *t;
	unsigned int tflags;
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/* Runtime directory searched for extension libraries (default XT_LIB_DIR). */
extern char *lib_dir;

/* Allocation wrappers.  Behaviour on allocation failure is not visible
   here -- presumably they abort rather than return NULL; confirm before
   relying on either. */
extern void *fw_calloc(size_t count, size_t size);
extern void *fw_malloc(size_t size);

/* Path of the modprobe program used to load kernel modules; xtables_insmod()
   and load_xtables_ko() execute it.  How this path is chosen (default vs.
   user supplied) is decided by the caller, not here. */
extern const char *modprobe;
extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
extern int load_xtables_ko(const char *modprobe, int quiet);

/* This is declared in ip[6]tables.c */
extern struct afinfo afinfo;

/* Keeping track of external matches and targets: linked lists. */
extern struct xtables_match *xtables_matches;
extern struct xtables_target *xtables_targets;

/* Your shared library should call one of these. */
extern void xtables_register_match(struct xtables_match *me);
extern void xtables_register_target(struct xtables_target *me);

/* Look up a registered extension by name, loading it according to the
   xt_tryload policy.  For find_match(), a non-NULL `match` list is where
   the found match is recorded. */
extern struct xtables_match *find_match(const char *name, enum xt_tryload,
		struct xtables_rule_match **match);
extern struct xtables_target *find_target(const char *name, enum xt_tryload);

/* Parse `s` as an unsigned number and check it lies within [min, max];
   the value is stored through `ret`.  The return convention (success vs.
   failure) is defined by the implementation, not visible here. */
extern int string_to_number_ll(const char *s,
			       unsigned long long min,
			       unsigned long long max,
			       unsigned long long *ret);
extern int string_to_number_l(const char *s,
			      unsigned long min,
			      unsigned long max,
			      unsigned long *ret);
extern int string_to_number(const char *s,
			    unsigned int min,
			    unsigned int max,
			    unsigned int *ret);
/* Resolve a service name for `proto` to a port number. */
extern int service_to_port(const char *name, const char *proto);
/* Parse a port given as number or service name; error handling is up to
   the implementation (not visible here). */
extern u_int16_t parse_port(const char *port, const char *proto);
/* Parse an interface specification into `vianame` and `mask`.  No length
   is passed, so the callee assumes both buffers are large enough --
   presumably IFNAMSIZ bytes; TODO confirm against the implementation. */
extern void
parse_interface(const char *arg, char *vianame, unsigned char *mask);

#endif /* _XTABLES_H */