xtables.h revision cd9e7aa106e80c44bd526af74b616701b0772d05
1#ifndef _XTABLES_H
2#define _XTABLES_H
3
4#include <sys/types.h>
5#include <linux/types.h>
6#include <linux/netfilter/x_tables.h>
7#include <libiptc/libxtc.h>
8#include <stdbool.h>
9
/*
 * Default directory of the extension shared objects.  The build normally
 * supplies XT_LIB_DIR itself (-DXT_LIB_DIR=...); this is only the fallback
 * when it does not.  See also the run-time `lib_dir' global below.
 * NOTE(review): extension code is presumably dlopen()ed from this directory,
 * so it must be root-owned and not writable by unprivileged users — confirm
 * against the loader.
 */
#ifndef XT_LIB_DIR
#define XT_LIB_DIR "/usr/local/lib/iptables"
#endif

/*
 * Fallback IP protocol numbers for systems whose <netinet/in.h> predates
 * SCTP, DCCP and UDP-Lite.  The values are the IANA assignments; a system
 * header that already defines them takes precedence.
 */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
#ifndef IPPROTO_UDPLITE
#define IPPROTO_UDPLITE	136
#endif
23
/*
 * Protocol family dependent information: everything the generic xtables
 * code needs to talk to the right kernel table and find the right
 * extensions for one family.  The definition lives in ip[6]tables.c and is
 * reachable through the `afinfo' global declared further down.
 */
struct afinfo {
	/* protocol family (e.g. AF_INET) */
	int family;

	/* prefix of the extension library file names (e.g. "libipt_") */
	char *libprefix;

	/* protocol level used by setsockopt() (e.g. IPPROTO_IP) */
	int ipproto;

	/* kernel module providing this family's tables (e.g. "ip_tables") */
	char *kmod;

	/* optname to check revision support of a match */
	int so_rev_match;

	/* optname to check revision support of a target
	   (the original comment said "match" here; it is the target one) */
	int so_rev_target;
};
44
/*
 * How hard find_match()/find_target() should try to bring an extension into
 * the registry when it is not already registered.  The exact behaviour of
 * each value is implemented by those lookup functions; the meanings below
 * are inferred from the names — NOTE(review): confirm in find_match().
 */
enum xt_tryload {
	DONT_LOAD,		/* only consult extensions already registered */
	DURING_LOAD,		/* lookup performed while an extension is being loaded */
	TRY_LOAD,		/* attempt to load; failure is not fatal */
	LOAD_MUST_SUCCEED	/* attempt to load; failure is an error */
};
51
/*
 * One node of the per-rule list of matches selected on the command line.
 * find_match() takes a pointer to this list as its last argument so the
 * same match name can appear more than once in a single rule.
 */
struct xtables_rule_match
{
	/* Next match of the rule, NULL at the end of the list. */
	struct xtables_rule_match *next;
	/* The registered extension this node refers to. */
	struct xtables_match *match;
	/* Multiple matches of the same type: the ones before
	   the current one are completed from parsing point of view */
	unsigned int completed;
};
60
/* Include file for additions: new matches and targets. */

/*
 * Descriptor an extension fills in and hands to xtables_register_match().
 * The front end drives the extension entirely through the callbacks below.
 * Fields up to `extra_opts' are provided by the extension; the ones after
 * "men behind the curtain" are bookkeeping written by the core.
 */
struct xtables_match
{
	/* Next entry in the xtables_matches registry list. */
	struct xtables_match *next;

	/* Match name as used on the command line; fixed-size label type
	   from libxtc.h. */
	xt_chainlabel name;

	/* Revision of match (0 by default).  Presumably checked against the
	   kernel through afinfo.so_rev_match — confirm. */
	u_int8_t revision;

	/* Protocol family this extension serves (compare afinfo.family). */
	u_int16_t family;

	/* Version string of the extension; presumably compared with
	   program_version at registration time — confirm. */
	const char *version;

	/* Size of match data (the private payload that follows
	   struct xt_entry_match). */
	size_t size;

	/* Size of match data relevent for userspace comparison purposes:
	   presumably only this many leading bytes are compared when rules are
	   checked for equality, so kernel-only tail state is ignored — confirm. */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match (defaults in the private data). */
	void (*init)(struct xt_entry_match *m);

	/* Function which parses command options; returns true if it
	   ate an option.  c is the option value, argv the full command line,
	   invert whether a "!" preceded the option, *flags a bitmask the
	   extension uses to remember which options it has seen, and *match
	   the entry being built. */
	/* entry is struct ipt_entry for example */
	/* NOTE(review): argv is untrusted command-line text; anything an
	   implementation copies into the fixed-size match data must be
	   length-checked here. */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const void *entry,
		     struct xt_entry_match **match);

	/* Final check; exit if not ok.  Receives the flags accumulated
	   by parse(). */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end.
	   numeric is non-zero when names must not be resolved — presumably
	   the -n switch; confirm. */
	/* ip is struct ipt_ip * for example */
	void (*print)(const void *ip,
		      const struct xt_entry_match *match, int numeric);

	/* Saves the match info in parsable form to stdout
	   (command-line syntax that parse() accepts again). */
	/* ip is struct ipt_ip * for example */
	void (*save)(const void *ip, const struct xt_entry_match *match);

	/* Pointer to list of extra command-line options: a getopt_long()
	   `struct option' table merged into the global option table. */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	/* Offset added to this extension's option values when its table is
	   merged, so values of different extensions do not collide —
	   presumably; confirm. */
	unsigned int option_offset;
	/* Match entry currently being built for the rule under construction. */
	struct xt_entry_match *m;
	/* Flags accumulated by parse() for the current rule. */
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};
117
/*
 * Descriptor an extension fills in and hands to xtables_register_target().
 * Mirrors struct xtables_match; see there for the field conventions.
 * Fields up to `extra_opts' are provided by the extension; the ones after
 * "men behind the curtain" are bookkeeping written by the core.
 */
struct xtables_target
{
	/* Next entry in the xtables_targets registry list. */
	struct xtables_target *next;

	/* Target name as used on the command line; fixed-size label type
	   from libxtc.h. */
	xt_chainlabel name;

	/* Revision of target (0 by default).  Presumably checked against the
	   kernel through afinfo.so_rev_target — confirm. */
	u_int8_t revision;

	/* Protocol family this extension serves (compare afinfo.family). */
	u_int16_t family;

	/* Version string of the extension; presumably compared with
	   program_version at registration time — confirm. */
	const char *version;

	/* Size of target data (the private payload that follows
	   struct xt_entry_target). */
	size_t size;

	/* Size of target data relevent for userspace comparison purposes:
	   presumably only this many leading bytes are compared when rules are
	   checked for equality — confirm. */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target (defaults in the private data). */
	void (*init)(struct xt_entry_target *t);

	/* Function which parses command options; returns true if it
	   ate an option.  Arguments as for xtables_match.parse, with
	   *targetinfo the target entry being built. */
	/* entry is struct ipt_entry for example */
	/* NOTE(review): argv is untrusted command-line text; anything an
	   implementation copies into the fixed-size target data must be
	   length-checked here. */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const void *entry,
		     struct xt_entry_target **targetinfo);

	/* Final check; exit if not ok.  Receives the flags accumulated
	   by parse(). */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end.
	   ip is struct ipt_ip * for example; numeric as for matches. */
	void (*print)(const void *ip,
		      const struct xt_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout
	   (command-line syntax that parse() accepts again). */
	void (*save)(const void *ip,
		     const struct xt_entry_target *target);

	/* Pointer to list of extra command-line options: a getopt_long()
	   `struct option' table merged into the global option table. */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	/* Offset added to this extension's option values when its table is
	   merged — presumably; confirm. */
	unsigned int option_offset;
	/* Target entry currently being built for the rule under construction. */
	struct xt_entry_target *t;
	/* Flags accumulated by parse() for the current rule. */
	unsigned int tflags;
	/* Presumably set once the target has been selected for the current
	   rule — confirm. */
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};
173
/*
 * Directory the extension shared objects are loaded from at run time.
 * Defined in the front end; presumably initialised from XT_LIB_DIR — confirm.
 * NOTE(review): code is loaded from here, so it must never be settable from
 * an untrusted source and the directory must not be world-writable.
 */
extern char *lib_dir;

/*
 * Allocation wrappers.  Their callers are presumably not expected to check
 * for NULL, i.e. the wrappers terminate the program (exit_error with
 * RESOURCE_PROBLEM) when allocation fails — confirm in the definition.
 */
extern void *fw_calloc(size_t count, size_t size);
extern void *fw_malloc(size_t size);

/*
 * Kernel module loading.  `modprobe' is the modprobe program to run
 * (presumably NULL selects a default — confirm); xtables_insmod() loads the
 * module `modname' with it and load_xtables_ko() loads the xtables core.
 * `quiet' suppresses error reporting.  Return value: presumably 0 on
 * success and negative on failure — confirm.
 * NOTE(review): `modprobe' names a program that gets executed; it must only
 * come from trusted configuration, never from rule data.
 */
extern const char *modprobe;
extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
extern int load_xtables_ko(const char *modprobe, int quiet);

/* This is declared here and defined in ip[6]tables.c. */
extern struct afinfo afinfo;

/* Keeping track of external matches and targets: linked lists threaded
   through the extensions' `next' fields. */
extern struct xtables_match *xtables_matches;
extern struct xtables_target *xtables_targets;

/* Your shared library should call one of these (from its _init function)
   to add itself to the lists above. */
extern void xtables_register_match(struct xtables_match *me);
extern void xtables_register_target(struct xtables_target *me);

/*
 * Look up an extension by name.  The enum xt_tryload argument controls
 * whether an unregistered extension is loaded on demand.  find_match() also
 * receives the rule's match list (see struct xtables_rule_match) so that
 * repeated uses of one match within a rule can be told apart.  Presumably
 * return NULL when nothing is found and loading was not required — confirm.
 */
extern struct xtables_match *find_match(const char *name, enum xt_tryload,
					struct xtables_rule_match **match);
extern struct xtables_target *find_target(const char *name, enum xt_tryload);

/*
 * Range-checked number parsing for command-line values.  The
 * string_to_number*() family parses `s' and stores the result in *ret when
 * it lies within [min, max]; success/failure is reported through the int
 * return value (presumably 0 / -1 — confirm).  strtonum()/strtonuml() are the
 * strtoul-style variants: arguments are (string, end pointer, result, min,
 * max); they return true on success, and the end pointer, when non-NULL,
 * receives the address of the first unparsed character.  Use these rather
 * than atoi() so non-numeric and out-of-range input is rejected instead of
 * being silently truncated.
 */
extern int string_to_number_ll(const char *s,
			       unsigned long long min,
			       unsigned long long max,
			       unsigned long long *ret);
extern int string_to_number_l(const char *s,
			      unsigned long min,
			      unsigned long max,
			      unsigned long *ret);
extern int string_to_number(const char *s,
			    unsigned int min,
			    unsigned int max,
			    unsigned int *ret);
extern bool strtonuml(const char *, char **, unsigned long *,
	unsigned long, unsigned long);
extern bool strtonum(const char *, char **, unsigned int *,
	unsigned int, unsigned int);

/* Resolve a service name for protocol `proto' (e.g. "tcp") to a port
   number; presumably returns -1 when the name is unknown — confirm. */
extern int service_to_port(const char *name, const char *proto);

/* Parse `port' as a number or a service name for `proto'.  Since the
   return type leaves no room for an error value, failure is presumably
   reported through exit_error() — confirm. */
extern u_int16_t parse_port(const char *port, const char *proto);

/*
 * Parse an interface name from `arg' into `vianame' and fill `mask' with
 * the bytes that must match.  Both output buffers are caller supplied and
 * no length is passed, so they must be large enough for the longest name
 * the function writes (presumably IFNAMSIZ bytes, as in the kernel
 * structures — confirm before passing anything smaller).
 */
extern void
parse_interface(const char *arg, char *vianame, unsigned char *mask);
218
/*
 * Error classes accepted by exit_error().  Numbering starts at 1 so that,
 * if the value is used as the process exit status (presumably it is —
 * confirm), a failure is never reported as success.
 */
enum exittype {
	OTHER_PROBLEM = 1,	/* anything not covered below */
	PARAMETER_PROBLEM,	/* bad command-line argument */
	VERSION_PROBLEM,	/* kernel/extension version mismatch */
	RESOURCE_PROBLEM	/* out of memory or similar */
};
225
/* this is a special 64bit data type that is 8-byte aligned regardless of
   the ABI's natural alignment for 64-bit integers (32-bit x86 only aligns
   them to 4).  Presumably used for fields of structures shared with the
   kernel so that a 32-bit front end and a 64-bit kernel agree on the
   layout — confirm. */
#define aligned_u64 u_int64_t __attribute__((aligned(8)))
228
/*
 * Handle a leading "!" (negation) on the command line.  `option' is the
 * argument being examined; on a match *invert is set and *optind advanced
 * past the "!".  argc is passed so the implementation can verify that an
 * argument actually follows the "!" before touching argv[*optind] —
 * NOTE(review): confirm that bound is checked.  Presumably returns non-zero
 * when a "!" was consumed — confirm.
 */
int check_inverse(const char option[], int *invert, int *optind, int argc);
/*
 * Report a fatal error and terminate (noreturn).  The format attribute
 * makes the compiler type-check the varargs against the format string and
 * lets -Wformat-security flag callers that pass a non-literal format, so
 * always pass a string literal and print untrusted text through "%s".
 */
void exit_error(enum exittype, const char *, ...)__attribute__((noreturn,
							  format(printf,2,3)));
/* Set by the front end; used in messages. */
extern const char *program_name, *program_version;
233
/*
 * Extension entry-point plumbing.  Each extension source defines
 * `void _init(void)' which registers its match/target.
 *
 * Shared-library build: `_init' is rewritten into a function named by the
 * build-supplied _INIT macro and marked __attribute__((constructor)), so it
 * runs automatically when the object is loaded.  (`_init' itself is a
 * reserved name that must not be used as-is.)
 *
 * NO_SHARED_LIBS build: `_init' is simply renamed to _INIT so every
 * extension's initialiser gets a unique symbol; init_extensions()
 * (presumably generated at build time — confirm) then calls them all.
 */
#ifdef NO_SHARED_LIBS
#	ifdef _INIT
#		undef _init
#		define _init _INIT
#	endif
	extern void init_extensions(void);
#else
#	define _init __attribute__((constructor)) _INIT
#endif
243
244#endif /* _XTABLES_H */
245