| Yasuyuki KOZAKAI | 5208806 | 2007-07-24 05:44:11 +0000 | [diff] [blame] | 1 | #ifndef _XTABLES_H |
| 2 | #define _XTABLES_H |
| 3 | |
| Yasuyuki KOZAKAI | 0d502bc | 2007-07-24 05:52:07 +0000 | [diff] [blame] | 4 | #include <sys/types.h> |
| 5 | #include <linux/netfilter/x_tables.h> |
| 6 | #include <libiptc/libxtc.h> |
| 7 | |
| 8 | /* protocol family dependent informations */ |
| 9 | struct afinfo { |
| 10 | /* protocol family */ |
| 11 | int family; |
| 12 | |
| 13 | /* prefix of library name (ex "libipt_" */ |
| 14 | char *libprefix; |
| 15 | |
| 16 | /* used by setsockopt (ex IPPROTO_IP */ |
| 17 | int ipproto; |
| 18 | |
| 19 | /* kernel module (ex "ip_tables" */ |
| 20 | char *kmod; |
| 21 | |
| 22 | /* optname to check revision support of match */ |
| 23 | int so_rev_match; |
| 24 | |
| 25 | /* optname to check revision support of match */ |
| 26 | int so_rev_target; |
| 27 | }; |
| 28 | |
| 29 | enum xt_tryload { |
| 30 | DONT_LOAD, |
| 31 | DURING_LOAD, |
| 32 | TRY_LOAD, |
| 33 | LOAD_MUST_SUCCEED |
| 34 | }; |
| 35 | |
| 36 | struct xtables_rule_match |
| 37 | { |
| 38 | struct xtables_rule_match *next; |
| 39 | struct xtables_match *match; |
| 40 | /* Multiple matches of the same type: the ones before |
| 41 | the current one are completed from parsing point of view */ |
| 42 | unsigned int completed; |
| 43 | }; |
| 44 | |
| 45 | /* Include file for additions: new matches and targets. */ |
| 46 | struct xtables_match |
| 47 | { |
| 48 | struct xtables_match *next; |
| 49 | |
| 50 | xt_chainlabel name; |
| 51 | |
| 52 | /* Revision of match (0 by default). */ |
| 53 | u_int8_t revision; |
| 54 | |
| 55 | u_int16_t family; |
| 56 | |
| 57 | const char *version; |
| 58 | |
| 59 | /* Size of match data. */ |
| 60 | size_t size; |
| 61 | |
| 62 | /* Size of match data relevent for userspace comparison purposes */ |
| 63 | size_t userspacesize; |
| 64 | |
| 65 | /* Function which prints out usage message. */ |
| 66 | void (*help)(void); |
| 67 | |
| 68 | /* Initialize the match. */ |
| 69 | void (*init)(struct xt_entry_match *m, unsigned int *nfcache); |
| 70 | |
| 71 | /* Function which parses command options; returns true if it |
| 72 | ate an option */ |
| 73 | /* entry is struct ipt_entry for example */ |
| 74 | int (*parse)(int c, char **argv, int invert, unsigned int *flags, |
| 75 | const void *entry, |
| 76 | unsigned int *nfcache, |
| 77 | struct xt_entry_match **match); |
| 78 | |
| 79 | /* Final check; exit if not ok. */ |
| 80 | void (*final_check)(unsigned int flags); |
| 81 | |
| 82 | /* Prints out the match iff non-NULL: put space at end */ |
| 83 | /* ip is struct ipt_ip * for example */ |
| 84 | void (*print)(const void *ip, |
| 85 | const struct xt_entry_match *match, int numeric); |
| 86 | |
| 87 | /* Saves the match info in parsable form to stdout. */ |
| 88 | /* ip is struct ipt_ip * for example */ |
| 89 | void (*save)(const void *ip, const struct xt_entry_match *match); |
| 90 | |
| 91 | /* Pointer to list of extra command-line options */ |
| 92 | const struct option *extra_opts; |
| 93 | |
| 94 | /* Ignore these men behind the curtain: */ |
| 95 | unsigned int option_offset; |
| 96 | struct xt_entry_match *m; |
| 97 | unsigned int mflags; |
| 98 | #ifdef NO_SHARED_LIBS |
| 99 | unsigned int loaded; /* simulate loading so options are merged properly */ |
| 100 | #endif |
| 101 | }; |
| 102 | |
| 103 | struct xtables_target |
| 104 | { |
| 105 | struct xtables_target *next; |
| 106 | |
| 107 | xt_chainlabel name; |
| 108 | |
| 109 | /* Revision of target (0 by default). */ |
| 110 | u_int8_t revision; |
| 111 | |
| 112 | u_int16_t family; |
| 113 | |
| 114 | const char *version; |
| 115 | |
| 116 | /* Size of target data. */ |
| 117 | size_t size; |
| 118 | |
| 119 | /* Size of target data relevent for userspace comparison purposes */ |
| 120 | size_t userspacesize; |
| 121 | |
| 122 | /* Function which prints out usage message. */ |
| 123 | void (*help)(void); |
| 124 | |
| 125 | /* Initialize the target. */ |
| 126 | void (*init)(struct xt_entry_target *t, unsigned int *nfcache); |
| 127 | |
| 128 | /* Function which parses command options; returns true if it |
| 129 | ate an option */ |
| 130 | /* entry is struct ipt_entry for example */ |
| 131 | int (*parse)(int c, char **argv, int invert, unsigned int *flags, |
| 132 | const void *entry, |
| 133 | struct xt_entry_target **targetinfo); |
| 134 | |
| 135 | /* Final check; exit if not ok. */ |
| 136 | void (*final_check)(unsigned int flags); |
| 137 | |
| 138 | /* Prints out the target iff non-NULL: put space at end */ |
| 139 | void (*print)(const void *ip, |
| 140 | const struct xt_entry_target *target, int numeric); |
| 141 | |
| 142 | /* Saves the targinfo in parsable form to stdout. */ |
| 143 | void (*save)(const void *ip, |
| 144 | const struct xt_entry_target *target); |
| 145 | |
| 146 | /* Pointer to list of extra command-line options */ |
| 147 | struct option *extra_opts; |
| 148 | |
| 149 | /* Ignore these men behind the curtain: */ |
| 150 | unsigned int option_offset; |
| 151 | struct xt_entry_target *t; |
| 152 | unsigned int tflags; |
| 153 | unsigned int used; |
| 154 | #ifdef NO_SHARED_LIBS |
| 155 | unsigned int loaded; /* simulate loading so options are merged properly */ |
| 156 | #endif |
| 157 | }; |
| 158 | |
| 159 | extern char *lib_dir; |
| 160 | |
| Yasuyuki KOZAKAI | 3dfa448 | 2007-07-24 05:45:33 +0000 | [diff] [blame] | 161 | extern void *fw_calloc(size_t count, size_t size); |
| 162 | extern void *fw_malloc(size_t size); |
| 163 | |
| Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 164 | extern const char *modprobe; |
| 165 | extern int xtables_insmod(const char *modname, const char *modprobe, int quiet); |
| Yasuyuki KOZAKAI | 0d502bc | 2007-07-24 05:52:07 +0000 | [diff] [blame] | 166 | extern int load_xtables_ko(const char *modprobe, int quiet); |
| 167 | |
| 168 | /* This is decleared in ip[6]tables.c */ |
| 169 | extern struct afinfo afinfo; |
| 170 | |
| 171 | /* Keeping track of external matches and targets: linked lists. */ |
| 172 | extern struct xtables_match *xtables_matches; |
| 173 | extern struct xtables_target *xtables_targets; |
| 174 | |
| 175 | /* Your shared library should call one of these. */ |
| 176 | extern void xtables_register_match(struct xtables_match *me); |
| 177 | extern void xtables_register_target(struct xtables_target *me); |
| 178 | |
| 179 | extern struct xtables_match *find_match(const char *name, enum xt_tryload, |
| 180 | struct xtables_rule_match **match); |
| 181 | extern struct xtables_target *find_target(const char *name, enum xt_tryload); |
| Yasuyuki KOZAKAI | 0b82e8e | 2007-07-24 05:47:40 +0000 | [diff] [blame] | 182 | |
| Yasuyuki KOZAKAI | 04f8c54 | 2007-07-24 05:53:48 +0000 | [diff] [blame^] | 183 | extern int string_to_number_ll(const char *s, |
| 184 | unsigned long long min, |
| 185 | unsigned long long max, |
| 186 | unsigned long long *ret); |
| 187 | extern int string_to_number_l(const char *s, |
| 188 | unsigned long min, |
| 189 | unsigned long max, |
| 190 | unsigned long *ret); |
| 191 | extern int string_to_number(const char *s, |
| 192 | unsigned int min, |
| 193 | unsigned int max, |
| 194 | unsigned int *ret); |
| 195 | extern int service_to_port(const char *name, const char *proto); |
| 196 | extern u_int16_t parse_port(const char *port, const char *proto); |
| 197 | extern void |
| 198 | parse_interface(const char *arg, char *vianame, unsigned char *mask); |
| 199 | |
| Yasuyuki KOZAKAI | 5208806 | 2007-07-24 05:44:11 +0000 | [diff] [blame] | 200 | #endif /* _XTABLES_H */ |