1 #ifndef _IP6TABLES_USER_H
2 #define _IP6TABLES_USER_H
3 
4 #include "iptables_common.h"
5 #include "libiptc/libip6tc.h"
6 
/* Default directory for ip6tables extension modules; a build can override it
   by defining IP6T_LIB_DIR before this header is included.
   NOTE(review): presumably the shared objects that call register_match6() /
   register_target6() are loaded from here. If so, the directory and its
   contents must be writable only by the administrator, because whatever is
   loaded runs inside the ip6tables process. Confirm against the loader. */
7 #ifndef IP6T_LIB_DIR
8 #define IP6T_LIB_DIR "/usr/local/lib/iptables"
9 #endif
10 
/* Fallbacks for system headers that do not define these IP protocol
   numbers. The values are the IANA-assigned protocol numbers. */
11 #ifndef IPPROTO_SCTP
12 #define IPPROTO_SCTP 132
13 #endif
14 #ifndef IPPROTO_DCCP
15 #define IPPROTO_DCCP 33
16 #endif
17 #ifndef IPPROTO_UDPLITE
18 #define IPPROTO_UDPLITE 136
19 #endif
20 
/* Compatibility definitions, compiled only when the kernel headers in use do
   not already provide IP6T_SO_GET_REVISION_MATCH ("old kernel source"). */
21 #ifndef IP6T_SO_GET_REVISION_MATCH /* Old kernel source. */
22 #define IP6T_SO_GET_REVISION_MATCH	68
23 #define IP6T_SO_GET_REVISION_TARGET	69
24 
/* Name/revision pair that goes with the two option numbers above.
   NOTE(review): presumably exchanged with the kernel via getsockopt();
   confirm at the call site. */
25 struct ip6t_get_revision
26 {
	/* Deliberately one byte shorter than IP6T_FUNCTION_MAXNAMELEN: name plus
	   the one-byte revision below occupy IP6T_FUNCTION_MAXNAMELEN bytes.
	   Bound every copy into this field by sizeof(name); a bound of
	   IP6T_FUNCTION_MAXNAMELEN would overrun into revision. */
27 	char name[IP6T_FUNCTION_MAXNAMELEN-1];
28 
29 	u_int8_t revision;
30 };
31 #endif /* IP6T_SO_GET_REVISION_MATCH   Old kernel source */
32 
/* One node in a list of matches attached to a rule being built. Each node
   refers to the ip6tables_match extension it uses; find_match() takes a
   pointer to a pointer to this type.
   NOTE(review): presumably one node per match option on the command line;
   confirm against the parser. */
33 struct ip6tables_rule_match
34 {
35 	struct ip6tables_rule_match *next;	/* next node in the list */
36 
37 	struct ip6tables_match *match;	/* extension used by this node */
38 
39 	/* When the same match type appears several times, the instances
40 	   before the current one are marked completed as far as parsing goes. */
41 	unsigned int completed;
42 };
43 
44 /* Include file for additions: new matches and targets. */
/* Descriptor that a match extension fills in and hands to register_match6().
   It carries the extension's name, data sizes and callbacks; the callbacks
   run inside the ip6tables process.
   NOTE(review): size and userspacesize are supplied by the extension. Code
   that allocates or compares match data with them is trusting the extension,
   so confirm how the core validates them. */
45 struct ip6tables_match
46 {
	/* NOTE(review): presumably links the ip6tables_matches list. */
47 	struct ip6tables_match *next;
48 
	/* Extension name, stored in a fixed-size ip6t_chainlabel (declared
	   outside this header). */
49 	ip6t_chainlabel name;
50 
51 	/* Revision of match (0 by default). */
52 	u_int8_t revision;
53 
54 	const char *version;
55 
56 	/* Size of match data. */
57 	size_t size;
58 
59 	/* Size of match data relevant for userspace comparison purposes */
60 	size_t userspacesize;
61 
62 	/* Function which prints out usage message. */
63 	void (*help)(void);
64 
65 	/* Initialize the match. */
66 	void (*init)(struct ip6t_entry_match *m, unsigned int *nfcache);
67 
68 	/* Function which parses command options; returns true if it
69 	   ate an option.  argv holds raw command-line strings, so an
	   implementation must range- and length-check them before storing
	   anything in the match data reached through *match. */
70 	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
71 		     const struct ip6t_entry *entry,
72 		     unsigned int *nfcache,
73 		     struct ip6t_entry_match **match);
74 
75 	/* Final check; exit if not ok. */
76 	void (*final_check)(unsigned int flags);
77 
78 	/* Prints out the match iff non-NULL: put space at end */
79 	void (*print)(const struct ip6t_ip6 *ip,
80 		      const struct ip6t_entry_match *match, int numeric);
81 
82 	/* Saves the union ipt_matchinfo in parsable form to stdout. */
83 	void (*save)(const struct ip6t_ip6 *ip,
84 		     const struct ip6t_entry_match *match);
85 
86 	/* Pointer to list of extra command-line options */
87 	const struct option *extra_opts;
88 
89 	/* Ignore these men behind the curtain: */
	/* NOTE(review): the fields below look like bookkeeping owned by the
	   core rather than values an extension sets; confirm. */
90 	unsigned int option_offset;
91 	struct ip6t_entry_match *m;
92 	unsigned int mflags;
93 #ifdef NO_SHARED_LIBS
94 	unsigned int loaded; /* simulate loading so options are merged properly */
95 #endif
96 };
97 
/* Descriptor that a target extension fills in and hands to
   register_target6(). It parallels struct ip6tables_match, with three
   visible differences: there is no revision field, parse() takes no nfcache
   argument, and extra_opts is not const-qualified.
   NOTE(review): size and userspacesize are supplied by the extension. Code
   that allocates or compares target data with them is trusting the
   extension, so confirm how the core validates them. */
98 struct ip6tables_target
99 {
	/* NOTE(review): presumably links the ip6tables_targets list. */
100 	struct ip6tables_target *next;
101 
	/* Extension name, stored in a fixed-size ip6t_chainlabel (declared
	   outside this header). */
102 	ip6t_chainlabel name;
103 
104 	const char *version;
105 
106 	/* Size of target data. */
107 	size_t size;
108 
109 	/* Size of target data relevant for userspace comparison purposes */
110 	size_t userspacesize;
111 
112 	/* Function which prints out usage message. */
113 	void (*help)(void);
114 
115 	/* Initialize the target. */
116 	void (*init)(struct ip6t_entry_target *t, unsigned int *nfcache);
117 
118 	/* Function which parses command options; returns true if it
119 	   ate an option.  argv holds raw command-line strings, so an
	   implementation must range- and length-check them before storing
	   anything in the target data reached through *target. */
120 	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
121 		     const struct ip6t_entry *entry,
122 		     struct ip6t_entry_target **target);
123 
124 	/* Final check; exit if not ok. */
125 	void (*final_check)(unsigned int flags);
126 
127 	/* Prints out the target iff non-NULL: put space at end */
128 	void (*print)(const struct ip6t_ip6 *ip,
129 		      const struct ip6t_entry_target *target, int numeric);
130 
131 	/* Saves the targinfo in parsable form to stdout. */
132 	void (*save)(const struct ip6t_ip6 *ip,
133 		     const struct ip6t_entry_target *target);
134 
135 	/* Pointer to list of extra command-line options */
136 	struct option *extra_opts;
137 
138 	/* Ignore these men behind the curtain: */
	/* NOTE(review): the fields below look like bookkeeping owned by the
	   core rather than values an extension sets; confirm. */
139 	unsigned int option_offset;
140 	struct ip6t_entry_target *t;
141 	unsigned int tflags;
142 	unsigned int used;
143 #ifdef NO_SHARED_LIBS
144 	unsigned int loaded; /* simulate loading so options are merged properly */
145 #endif
146 };
147 
/* NOTE(review): presumably the current input line number used in error
   messages; confirm where it is defined. */
148 extern int line;
149 
150 /* Your shared library should call one of these. */
/* The descriptor is passed by pointer, not copied by the caller. */
151 extern void register_match6(struct ip6tables_match *me);
152 extern void register_target6(struct ip6tables_target *me);
153 
/* Port helpers. parse_port() returns u_int16_t, so it cannot report failure
   in-band.
   NOTE(review): presumably it exits on invalid input, and service_to_port()
   returns a negative value when the service is unknown; confirm before
   relying on either. */
154 extern int service_to_port(const char *name, const char *proto);
155 extern u_int16_t parse_port(const char *port, const char *proto);
/* Command entry point: takes the argument vector plus the table name and
   libip6tc handle by pointer. */
156 extern int do_command6(int argc, char *argv[], char **table,
157 		       ip6tc_handle_t *handle);
158 /* Keeping track of external matches and targets: linked lists. */
159 extern struct ip6tables_match *ip6tables_matches;
160 extern struct ip6tables_target *ip6tables_targets;
161 
/* Loading policy passed to find_target() and find_match().
   NOTE(review): the meanings below are read from the enumerator names only;
   confirm them against the implementation. */
162 enum ip6t_tryload {
163 	DONT_LOAD,	/* presumably: look up registered extensions only */
164 	DURING_LOAD,	/* presumably: lookup made while a load is in progress */
165 	TRY_LOAD,	/* presumably: attempt a load, tolerate failure */
166 	LOAD_MUST_SUCCEED	/* presumably: treat a failed load as fatal */
167 };
168 
/* Look up an extension by name under the given ip6t_tryload policy.
   find_match() additionally takes a pointer to a rule-match list pointer.
   NOTE(review): if name can trigger loading of a shared object, it must not
   be usable to reach files outside the extension directory; confirm how the
   implementation builds the path. */
169 extern struct ip6tables_target *find_target(const char *name, enum ip6t_tryload);
170 extern struct ip6tables_match *find_match(const char *name, enum ip6t_tryload, struct ip6tables_rule_match **match);
171 
/* vianame and mask are output buffers passed without a length, so the caller
   must supply buffers of the size the implementation writes.
   NOTE(review): presumably IFNAMSIZ bytes each; confirm. */
172 extern void parse_interface(const char *arg, char *vianame, unsigned char *mask);
173 
/* Chain helpers operating through a libip6tc handle. for_each_chain() calls
   fn with a chain label, an int and the handle. */
174 extern int for_each_chain(int (*fn)(const ip6t_chainlabel, int, ip6tc_handle_t *), int verbose, int builtinstoo, ip6tc_handle_t *handle);
175 extern int flush_entries(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
176 extern int delete_chain(const ip6t_chainlabel chain, int verbose, ip6tc_handle_t *handle);
/* Kernel-module loading helpers.
   NOTE(review): modprobe looks like the path of the program to execute. If
   so, callers should pass a trusted absolute path and never one taken from
   unprivileged input, since ip6tables normally runs with elevated
   privileges. Confirm against the implementation. */
177 extern int ip6tables_insmod(const char *modname, const char *modprobe);
178 extern int load_ip6tables_ko(const char *modprobe);
179 
180 #endif /*_IP6TABLES_USER_H*/
181