#ifndef _IPTABLES_USER_H
#define _IPTABLES_USER_H

/*
 * Userspace plug-in interface of iptables: the descriptor structures a
 * match/target extension fills in and registers, plus the helpers the
 * iptables core exports to those extensions.
 *
 * NOTE(review): the guard _IPTABLES_USER_H (leading underscore followed by
 * an uppercase letter) sits in the implementation-reserved identifier
 * namespace. Left unchanged here because other files may test it.
 */

#include "iptables_common.h"
#include "libiptc/libiptc.h"

/* Default directory for extension shared objects; overridable at build
 * time. Presumably the search path used when find_match()/find_target()
 * are asked to load an extension -- confirm against iptables.c. */
#ifndef IPT_LIB_DIR
#define IPT_LIB_DIR "/usr/local/lib/iptables"
#endif

/* Older libc headers do not define SCTP's IP protocol number. */
#ifndef IPPROTO_SCTP
#define IPPROTO_SCTP 132
#endif

/* Compatibility shim for kernel headers that predate the revision-query
 * getsockopts. The values and struct below mirror the kernel's definitions
 * and must stay identical to them: this struct crosses the kernel ABI. */
#ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)

/* Argument block for the revision getsockopts: extension name in,
 * highest supported revision out. */
struct ipt_get_revision
{
	/* The -1 reproduces the kernel's declaration (presumably so that
	 * name + revision pack into the size the kernel expects); do not
	 * "fix" it independently of the kernel header. */
	char name[IPT_FUNCTION_MAXNAMELEN-1];

	u_int8_t revision;
};
#endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */

/* Singly linked list node: one match attached to the rule being built. */
struct iptables_rule_match
{
	struct iptables_rule_match *next;

	/* The registered extension descriptor this node refers to (not owned). */
	struct iptables_match *match;
};

/* Include file for additions: new matches and targets. */

/*
 * Descriptor a match extension registers through register_match().
 * Fields above the "men behind the curtain" line are filled in by the
 * extension; the trailing ones are private state of the iptables core.
 */
struct iptables_match
{
	/* Next registered match; list head is iptables_matches. */
	struct iptables_match *next;

	/* Extension name as given to -m. ipt_chainlabel is a fixed-size
	 * array type (declared in the included headers); writes into it
	 * must be bounded. */
	ipt_chainlabel name;

	/* Revision of match (0 by default). */
	u_int8_t revision;

	/* Version string of the extension (presumably compared with the
	 * core's version at registration -- see register_match()). */
	const char *version;

	/* Size of match data. Presumably must equal the kernel-side match
	 * struct size, since it determines how much is copied into the
	 * rule -- confirm against the loader. */
	size_t size;

	/* Size of match data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the match. */
	void (*init)(struct ipt_entry_match *m, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option. `c` is the option character, argv the full command
	   line, `invert` whether the option was negated, *flags an
	   extension-private word (from the signatures, the same word that
	   final_check() later receives). argv is user input: extensions
	   must validate ranges and lengths here before writing into the
	   fixed-size *match blob. */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ipt_entry *entry,
		     unsigned int *nfcache,
		     struct ipt_entry_match **match);

	/* Final check; exit if not ok. Note this terminates the process
	   rather than returning an error -- callers cannot recover. */
	void (*final_check)(unsigned int flags);

	/* Prints out the match iff non-NULL: put space at end */
	void (*print)(const struct ipt_ip *ip,
		      const struct ipt_entry_match *match, int numeric);

	/* Saves the match info in parsable form to stdout. */
	void (*save)(const struct ipt_ip *ip,
		     const struct ipt_entry_match *match);

	/* Pointer to list of extra command-line options */
	const struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	unsigned int option_offset;
	struct ipt_entry_match *m;
	unsigned int mflags;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/*
 * Descriptor a target extension registers through register_target().
 * Same layout and contract as struct iptables_match, with the
 * differences noted per field.
 */
struct iptables_target
{
	/* Next registered target; list head is iptables_targets. */
	struct iptables_target *next;

	/* Extension name as given to -j; fixed-size array, bound all writes. */
	ipt_chainlabel name;

	/* Revision of target (0 by default). */
	u_int8_t revision;

	/* Version string of the extension (presumably checked at
	 * registration -- see register_target()). */
	const char *version;

	/* Size of target data. Presumably must equal the kernel-side target
	 * struct size -- confirm against the loader. */
	size_t size;

	/* Size of target data relevant for userspace comparison purposes */
	size_t userspacesize;

	/* Function which prints out usage message. */
	void (*help)(void);

	/* Initialize the target. */
	void (*init)(struct ipt_entry_target *t, unsigned int *nfcache);

	/* Function which parses command options; returns true if it
	   ate an option. Unlike the match parser there is no nfcache
	   parameter. argv is user input: validate ranges and lengths
	   before writing into the fixed-size *target blob. */
	int (*parse)(int c, char **argv, int invert, unsigned int *flags,
		     const struct ipt_entry *entry,
		     struct ipt_entry_target **target);

	/* Final check; exit if not ok. Terminates the process on failure. */
	void (*final_check)(unsigned int flags);

	/* Prints out the target iff non-NULL: put space at end */
	void (*print)(const struct ipt_ip *ip,
		      const struct ipt_entry_target *target, int numeric);

	/* Saves the targinfo in parsable form to stdout. */
	void (*save)(const struct ipt_ip *ip,
		     const struct ipt_entry_target *target);

	/* Pointer to list of extra command-line options.
	 * NOTE(review): declared non-const here, whereas struct
	 * iptables_match uses `const struct option *`. The asymmetry looks
	 * accidental; harmonising it would require checking that no target
	 * extension writes through this pointer. */
	struct option *extra_opts;

	/* Ignore these men behind the curtain: */
	unsigned int option_offset;
	struct ipt_entry_target *t;
	unsigned int tflags;
	/* Presumably set once a rule references this target; no match
	 * counterpart exists -- confirm usage in iptables.c. */
	unsigned int used;
#ifdef NO_SHARED_LIBS
	unsigned int loaded; /* simulate loading so options are merged properly */
#endif
};

/* Current input line number (presumably for diagnostics when rules are
 * read from a file -- confirm against the callers that set it). */
extern int line;

/* Your shared library should call one of these. */
extern void register_match(struct iptables_match *me);
extern void register_target(struct iptables_target *me);

/* Address <-> text helpers. Ownership of the returned pointers (static
 * buffer vs. heap) is not stated in this header; check the definitions
 * before freeing or retaining a result across calls. */
extern struct in_addr *dotted_to_addr(const char *dotted);
extern char *addr_to_dotted(const struct in_addr *addrp);
extern char *addr_to_anyname(const struct in_addr *addr);
extern char *mask_to_dotted(const struct in_addr *mask);

/* Resolves `name` into an address array (*addrpp, count in *naddrs) and a
 * mask. Who allocates/frees *addrpp is not stated here -- confirm. */
extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp,
				  struct in_addr *maskp, unsigned int *naddrs);
/* Converts a protocol name or number string to an IP protocol number. */
extern u_int16_t parse_protocol(const char *s);

/* Entry point for one iptables command line; *table may be updated to
 * the table selected by the arguments (inferred from the signature). */
extern int do_command(int argc, char *argv[], char **table,
		      iptc_handle_t *handle);
/* Keeping track of external matches and targets: linked lists. */
extern struct iptables_match *iptables_matches;
extern struct iptables_target *iptables_targets;

/* Loading policy for find_match()/find_target() when the named extension
 * is not already registered. Semantics of the latter two are inferred from
 * their names; confirm in iptables.c. */
enum ipt_tryload {
	DONT_LOAD,		/* only consult already-registered extensions */
	TRY_LOAD,		/* attempt to load; NULL on failure (presumed) */
	LOAD_MUST_SUCCEED	/* attempt to load; failure is fatal (presumed) */
};

/* `name` is the user-supplied -j / -m argument. If loading is attempted,
 * it presumably selects a shared object under IPT_LIB_DIR, so the loader
 * must reject names containing path separators -- verify in iptables.c. */
extern struct iptables_target *find_target(const char *name, enum ipt_tryload);
extern struct iptables_match *find_match(const char *name, enum ipt_tryload, struct iptables_rule_match **match);

/* Chain-level operations over the libiptc handle; return value convention
 * is not stated here (presumably non-zero on success, as with libiptc). */
extern int delete_chain(const ipt_chainlabel chain, int verbose,
			iptc_handle_t *handle);
extern int flush_entries(const ipt_chainlabel chain, int verbose,
			 iptc_handle_t *handle);
/* Applies `fn` to every chain; `builtinstoo` selects whether built-in
 * chains are included (inferred from the name). */
extern int for_each_chain(int (*fn)(const ipt_chainlabel, int, iptc_handle_t *),
			  int verbose, int builtinstoo, iptc_handle_t *handle);
#endif /*_IPTABLES_USER_H*/