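#ifndef _LIBIP6TC_H
#define _LIBIP6TC_H
/* Library which manipulates firewall rules.  Version 0.2. */

/*
 * Usage model, as far as this header states it: ip6tc_init() takes a
 * snapshot of one table, the calls below work through the handle that
 * holds that snapshot, and ip6tc_commit() "makes the actual changes".
 * A caller that ignores a failed ip6tc_commit() can therefore believe a
 * rule is installed when it is not, so always check its return value.
 *
 * NOTE(review): nothing in this header shows the snapshot being protected
 * against another process changing the same table between ip6tc_init()
 * and ip6tc_commit(); confirm against the implementation and serialise
 * callers if needed.
 */

#include <linux/types.h>
#include <libiptc/ipt_kernel_headers.h>
#ifdef __cplusplus
#	include <climits>
#else
#	include <limits.h> /* INT_MAX in ip6_tables.h */
#endif
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <libiptc/xtcshared.h>

/* Legacy IPv6-specific names, mapped onto the shared xtc types. */
#define ip6tc_handle xtc_handle
#define ip6t_chainlabel xt_chainlabel

/* Names of the standard verdict targets. */
#define IP6TC_LABEL_ACCEPT "ACCEPT"
#define IP6TC_LABEL_DROP "DROP"
#define IP6TC_LABEL_QUEUE "QUEUE"
#define IP6TC_LABEL_RETURN "RETURN"

/*
 * NOTE(review): xt_chainlabel comes from <libiptc/xtcshared.h> (not shown
 * here).  If it is an array typedef, a `const xt_chainlabel' parameter
 * decays to a plain pointer and the compiler does not check the length of
 * what is passed, so chain names that originate from untrusted input
 * should be length-checked by the caller first.
 */

/* Does this chain exist? */
int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle);

/* Take a snapshot of the rules.  Returns NULL on error. */
struct xtc_handle *ip6tc_init(const char *tablename);

/* Cleanup after ip6tc_init(). */
void ip6tc_free(struct xtc_handle *h);

/* Iterator functions to run through the chains.  Returns NULL at end.
   NOTE(review): the returned strings presumably point into the handle;
   do not use them after ip6tc_free() -- confirm. */
const char *ip6tc_first_chain(struct xtc_handle *handle);
const char *ip6tc_next_chain(struct xtc_handle *handle);

/* Get first rule in the given chain: NULL for empty chain. */
const struct ip6t_entry *ip6tc_first_rule(const char *chain,
                                          struct xtc_handle *handle);

/* Get the rule following `prev'.  Returns NULL when rules run out. */
const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
                                         struct xtc_handle *handle);

/* Returns a pointer to the target name of this position. */
const char *ip6tc_get_target(const struct ip6t_entry *e,
                             struct xtc_handle *handle);

/* Is this a built-in chain? */
int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);

/* Get the policy of a given built-in chain */
const char *ip6tc_get_policy(const char *chain,
                             struct xt_counters *counters,
                             struct xtc_handle *handle);

/* These functions return TRUE (nonzero) for OK, or 0 on failure with errno
   set.  If the return value is 0 and errno == 0, it means there was a
   version error (ie. upgrade libiptc). */
/* Rule numbers start at 1 for the first rule. */

/* Insert the entry `e' in chain `chain' into position `rulenum'. */
int ip6tc_insert_entry(const xt_chainlabel chain,
                       const struct ip6t_entry *e,
                       unsigned int rulenum,
                       struct xtc_handle *handle);

/* Atomically replace rule `rulenum' in `chain' with `e'. */
int ip6tc_replace_entry(const xt_chainlabel chain,
                        const struct ip6t_entry *e,
                        unsigned int rulenum,
                        struct xtc_handle *handle);

/* Append entry `e' to chain `chain'.  Equivalent to insert with
   rulenum = length of chain. */
int ip6tc_append_entry(const xt_chainlabel chain,
                       const struct ip6t_entry *e,
                       struct xtc_handle *handle);

/* Check whether a rule matching `origfw' exists in `chain'.
   NOTE(review): `matchmask' is passed without a length; the caller is
   presumably expected to size it to the entry being compared -- confirm
   against the implementation before building one by hand. */
int ip6tc_check_entry(const xt_chainlabel chain,
                      const struct ip6t_entry *origfw,
                      unsigned char *matchmask,
                      struct xtc_handle *handle);

/* Delete the first rule in `chain' which matches `origfw'.
   The `matchmask' sizing caveat on ip6tc_check_entry() applies here too. */
int ip6tc_delete_entry(const xt_chainlabel chain,
                       const struct ip6t_entry *origfw,
                       unsigned char *matchmask,
                       struct xtc_handle *handle);

/* Delete the rule in position `rulenum' in `chain'. */
int ip6tc_delete_num_entry(const xt_chainlabel chain,
                           unsigned int rulenum,
                           struct xtc_handle *handle);

/* Check the packet `e' on chain `chain'.  Returns the verdict, or
   NULL and sets errno. */
const char *ip6tc_check_packet(const xt_chainlabel chain,
                               struct ip6t_entry *e,
                               struct xtc_handle *handle);

/* Flushes the entries in the given chain (ie. empties chain). */
int ip6tc_flush_entries(const xt_chainlabel chain,
                        struct xtc_handle *handle);

/* Zeroes the counters in a chain. */
int ip6tc_zero_entries(const xt_chainlabel chain,
                       struct xtc_handle *handle);

/* Creates a new chain. */
int ip6tc_create_chain(const xt_chainlabel chain,
                       struct xtc_handle *handle);

/* Deletes a chain. */
int ip6tc_delete_chain(const xt_chainlabel chain,
                       struct xtc_handle *handle);

/* Renames a chain. */
int ip6tc_rename_chain(const xt_chainlabel oldname,
                       const xt_chainlabel newname,
                       struct xtc_handle *handle);

/* Sets the policy on a built-in chain. */
int ip6tc_set_policy(const xt_chainlabel chain,
                     const xt_chainlabel policy,
                     struct xt_counters *counters,
                     struct xtc_handle *handle);

/* Get the number of references to this chain; the count is stored
   through `ref'. */
int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
                         struct xtc_handle *handle);

/* read packet and byte counters for a specific rule */
struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain,
                                       unsigned int rulenum,
                                       struct xtc_handle *handle);

/* zero packet and byte counters for a specific rule */
int ip6tc_zero_counter(const xt_chainlabel chain,
                       unsigned int rulenum,
                       struct xtc_handle *handle);

/* set packet and byte counters for a specific rule */
int ip6tc_set_counter(const xt_chainlabel chain,
                      unsigned int rulenum,
                      struct xt_counters *counters,
                      struct xtc_handle *handle);

/* Makes the actual changes.  Follows the TRUE/0 + errno convention above;
   treat a 0 return as "the ruleset was not updated". */
int ip6tc_commit(struct xtc_handle *handle);

/* Get raw socket. */
int ip6tc_get_raw_socket(void);

/* Translates errno numbers into more human-readable form than strerror. */
const char *ip6tc_strerror(int err);

/* Dump the entries held by `handle'; the output destination is not
   visible from this header. */
extern void dump_entries6(struct xtc_handle *const handle);

/* IPv6 operations table of type struct xtc_ops. */
extern const struct xtc_ops ip6tc_ops;

#endif /* _LIBIP6TC_H */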