xtables.h revision dbb77543ad6afe29e9a1881b2d4fc212de621a55
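#ifndef _XTABLES_H
#define _XTABLES_H

#include <sys/types.h>
#include <netinet/in.h>		/* struct in_addr, struct in6_addr */
#include <linux/types.h>
#include <linux/netfilter/x_tables.h>
#include <libiptc/libxtc.h>
#include <stdbool.h>

/* Only pointers to struct option appear in this header; the definition
 * lives in <getopt.h>, which the option-parsing translation units include.
 * The forward declaration keeps the tag at file scope regardless of
 * include order. */
struct option;

#ifndef XT_LIB_DIR
#define XT_LIB_DIR "/usr/local/lib/iptables"
#endif

/* Protocol numbers that older system headers may not define.  The guards
 * make these compatible with a <netinet/in.h> that already has them. */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif
#ifndef IPPROTO_DCCP
#define IPPROTO_DCCP 33
#endif
#ifndef IPPROTO_UDPLITE
#define IPPROTO_UDPLITE 136
#endif

/* protocol family dependent information */
struct afinfo {
	/* protocol family */
	int family;

	/* prefix of library name (e.g. "libipt_") */
	char *libprefix;

	/* used by setsockopt (e.g. IPPROTO_IP) */
	int ipproto;

	/* kernel module (e.g. "ip_tables") */
	char *kmod;

	/* optname to check revision support of match */
	int so_rev_match;

	/* optname to check revision support of target */
	int so_rev_target;
};

/* Load policy passed to find_match()/find_target() below. */
enum xt_tryload {
	DONT_LOAD,
	DURING_LOAD,
	TRY_LOAD,
	LOAD_MUST_SUCCEED
};

/* One node of the per-rule list of matches built while parsing. */
struct xtables_rule_match
{
	struct xtables_rule_match *next;
	struct xtables_match *match;
	/* Multiple matches of the same type: the ones before
	   the current one are completed from parsing point of view */
	unsigned int completed;
};

/* Include file for additions: new matches and targets. */
struct xtables_match
{
	struct xtables_match *next;

	xt_chainlabel name;

	/* Revision of match (0 by default). */
	u_int8_t revision;

	u_int16_t family;

	const char *version;

	/* Size of match data. */
	size_t size;

	/* Size of match data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match. */
	void (*init)(struct xt_entry_match *m);

	/* Function which parses command options; returns true if it
	   ate an option */
	/* entry is struct ipt_entry for example */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const void *entry,
		     struct xt_entry_match **match);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end */
	/* ip is struct ipt_ip * for example */
	void (*print)(const void *ip,
		      const struct xt_entry_match *match, int numeric);

	/* Saves the match info in parsable form to stdout. */
	/* ip is struct ipt_ip * for example */
	/* See save_string() below for emitting arbitrary string values. */
	void (*save)(const void *ip, const struct xt_entry_match *match);

	/* Pointer to list of extra command-line options */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	unsigned int option_offset;
	struct xt_entry_match *m;
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

struct xtables_target
{
	struct xtables_target *next;

	xt_chainlabel name;

	/* Revision of target (0 by default). */
	u_int8_t revision;

	u_int16_t family;

	const char *version;

	/* Size of target data. */
	size_t size;

	/* Size of target data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target. */
	void (*init)(struct xt_entry_target *t);

	/* Function which parses command options; returns true if it
	   ate an option */
	/* entry is struct ipt_entry for example */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const void *entry,
		     struct xt_entry_target **targetinfo);

	/* Final check; exit if not ok. */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end */
	void (*print)(const void *ip,
		      const struct xt_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout. */
	/* See save_string() below for emitting arbitrary string values. */
	void (*save)(const void *ip,
		     const struct xt_entry_target *target);

	/* Pointer to list of extra command-line options */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	unsigned int option_offset;
	struct xt_entry_target *t;
	unsigned int tflags;
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/* Directory searched for extension libraries (see XT_LIB_DIR). */
extern char *lib_dir;

/* Allocation wrappers with calloc()/malloc() argument conventions; the
 * out-of-memory behaviour is defined with the implementation. */
extern void *fw_calloc(size_t count, size_t size);
extern void *fw_malloc(size_t size);

/* Kernel module loading.  `modprobe` names the program to run; how a NULL
 * value relates to modprobe_program is defined with the implementation. */
extern const char *modprobe_program;
extern int xtables_insmod(const char *modname, const char *modprobe, int quiet);
extern int load_xtables_ko(const char *modprobe, int quiet);

/* This is declared in ip[6]tables.c */
extern struct afinfo afinfo;

/* Keeping track of external matches and targets: linked lists. */
extern struct xtables_match *xtables_matches;
extern struct xtables_target *xtables_targets;

/* Your shared library should call one of these. */
extern void xtables_register_match(struct xtables_match *me);
extern void xtables_register_target(struct xtables_target *me);

/* Look up a registered extension by name, loading it according to the
 * enum xt_tryload policy. */
extern struct xtables_match *find_match(const char *name, enum xt_tryload,
		struct xtables_rule_match **match);
extern struct xtables_target *find_target(const char *name, enum xt_tryload);

/* Bounded numeric conversions: parse s and store the result through ret,
 * rejecting values outside the min..max range.  The return-value
 * convention is defined with the implementation. */
extern int string_to_number_ll(const char *s,
			       unsigned long long min,
			       unsigned long long max,
			       unsigned long long *ret);
extern int string_to_number_l(const char *s,
			      unsigned long min,
			      unsigned long max,
			      unsigned long *ret);
extern int string_to_number(const char *s,
			    unsigned int min,
			    unsigned int max,
			    unsigned int *ret);
/* strtoul()-style variants: *end receives the position after the number
 * and the accepted value is stored through *value. */
extern bool strtonuml(const char *s, char **end, unsigned long *value,
		      unsigned long min, unsigned long max);
extern bool strtonum(const char *s, char **end, unsigned int *value,
		     unsigned int min, unsigned int max);
/* Service name / port resolution for the given protocol name. */
extern int service_to_port(const char *name, const char *proto);
extern u_int16_t parse_port(const char *port, const char *proto);
/* NOTE(review): vianame and mask are filled without a length parameter;
 * presumably both are IFNAMSIZ-sized buffers — confirm against the
 * definition before passing anything smaller. */
extern void
parse_interface(const char *arg, char *vianame, unsigned char *mask);

/* Exit status codes for exit_error(). */
enum exittype {
	OTHER_PROBLEM = 1,
	PARAMETER_PROBLEM,
	VERSION_PROBLEM,
	RESOURCE_PROBLEM,
	P_ONLY_ONCE,
	P_NO_INVERT,
	P_BAD_VALUE,
	P_ONE_ACTION,
};

/* this is a special 64bit data type that is 8-byte aligned */
#define aligned_u64 u_int64_t __attribute__((aligned(8)))

/* Option-inversion handling ("!" before an argument); appears to update
 * *invert and *my_optind — see the definition for the exact contract. */
int check_inverse(const char option[], int *invert, int *my_optind, int argc);
/* Never returns.  The format attribute lets the compiler check the
 * arguments, so always pass a literal format string here. */
void exit_error(enum exittype, const char *, ...)__attribute__((noreturn,
							     format(printf,2,3)));
/* Parameter-problem reporting; see the definition for the meaning of the
 * first argument. */
extern void param_act(unsigned int, const char *, ...);
extern const char *program_name, *program_version;

/* IPv4 address formatting/parsing helpers.  Check the definitions for
 * whether returned pointers refer to static storage before retaining them. */
extern const char *ipaddr_to_numeric(const struct in_addr *);
extern const char *ipaddr_to_anyname(const struct in_addr *);
extern const char *ipmask_to_numeric(const struct in_addr *);
extern struct in_addr *numeric_to_ipaddr(const char *);
extern struct in_addr *numeric_to_ipmask(const char *);
extern void ipparse_hostnetworkmask(const char *, struct in_addr **,
		struct in_addr *, unsigned int *);

/* IPv6 counterparts of the helpers above. */
extern struct in6_addr *numeric_to_ip6addr(const char *);
extern const char *ip6addr_to_numeric(const struct in6_addr *);
extern const char *ip6addr_to_anyname(const struct in6_addr *);
extern const char *ip6mask_to_numeric(const struct in6_addr *);
extern void ip6parse_hostnetworkmask(const char *, struct in6_addr **,
		struct in6_addr *, unsigned int *);

/**
 * Print the specified value to standard output, quoting dangerous
 * characters if required.  Use it for rule-supplied strings in save
 * callbacks so that the saved output stays parseable.
 */
extern void save_string(const char *value);

/* Extension initialisation.  With shared libraries each extension's
 * _init() is turned into an ELF constructor named _INIT (presumably
 * supplied per module by the build — confirm) so it runs when the
 * library is loaded.  Without shared libraries _init is renamed to
 * _INIT and init_extensions() is expected to call each of them. */
#ifdef NO_SHARED_LIBS
# ifdef _INIT
#  undef _init
#  define _init _INIT
# endif
  extern void init_extensions(void);
#else
# define _init __attribute__((constructor)) _INIT
#endif

#endif /* _XTABLES_H */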