      1 #ifndef _LIBIPTC_H
      2 #define _LIBIPTC_H
      3 /* Library which manipulates filtering rules. */
      4 
      5 #include <linux/types.h>
      6 #include <libiptc/ipt_kernel_headers.h>
      7 #ifdef __cplusplus
      8 #	include <climits>
      9 #else
     10 #	include <limits.h> /* INT_MAX in ip_tables.h */
     11 #endif
     12 #include <linux/netfilter_ipv4/ip_tables.h>
     13 
     14 #ifdef __cplusplus
     15 extern "C" {
     16 #endif
     17 
/*
 * Opaque handle over a snapshot of one table's rules.  Obtained from
 * iptc_init(), passed to every other function below, released with
 * iptc_free().  Its layout is private to the library.
 */
struct iptc_handle;

/*
 * Chain name buffer: a fixed 32-byte array, so a name must fit, NUL
 * terminator included, within 32 bytes.  Note that wherever the
 * prototypes below take a `const ipt_chainlabel', the array decays to
 * `const char *' and the compiler enforces no bound at all -- a caller
 * that builds a label from external input (config file, command line)
 * must bound-check it before calling in, e.g. snprintf() into an
 * ipt_chainlabel and reject the name if it was truncated.
 */
typedef char ipt_chainlabel[32];

/*
 * Names of the built-in verdicts.  Presumably these are the strings
 * accepted as a policy by iptc_set_policy() and returned as a target
 * name by iptc_get_target()/iptc_get_policy(); the declarations below
 * do not spell out which functions take them, so confirm before
 * comparing against anything else.
 */
#define IPTC_LABEL_ACCEPT  "ACCEPT"
#define IPTC_LABEL_DROP    "DROP"
#define IPTC_LABEL_QUEUE   "QUEUE"
#define IPTC_LABEL_RETURN  "RETURN"
     26 
/* Does this chain exist in the handle's snapshot?  Non-zero if so. */
int iptc_is_chain(const char *chain, struct iptc_handle *const handle);

/*
 * Take a snapshot of the rules of table `tablename' and return a handle
 * for it.  Returns NULL on error.
 *
 * Every modifying call below operates on this private snapshot; nothing
 * reaches the kernel until iptc_commit().  By the same token, rules that
 * another process installs after the snapshot is taken are not in the
 * handle.  NOTE(review): how iptc_commit() behaves when the kernel
 * ruleset changed underneath the snapshot is not stated in this header;
 * confirm before relying on concurrent editors of the same table.
 */
struct iptc_handle *iptc_init(const char *tablename);

/*
 * Cleanup after iptc_init(): releases the handle, which must not be used
 * afterwards.  Presumably any modifications not yet pushed with
 * iptc_commit() are simply discarded -- commit first if they are meant
 * to take effect.
 */
void iptc_free(struct iptc_handle *h);

/*
 * Iterator functions to run through the chains of the snapshot:
 * iptc_first_chain() starts the walk, iptc_next_chain() continues it,
 * and both return NULL at the end.  Since iptc_next_chain() takes no
 * cursor argument, the position lives in the handle, so only one chain
 * walk per handle can be in progress at a time.
 */
const char *iptc_first_chain(struct iptc_handle *handle);
const char *iptc_next_chain(struct iptc_handle *handle);
     39 
/*
 * Get first rule in the given chain: NULL for empty chain.  The entry is
 * returned const and points into the snapshot held by `handle'; the
 * caller must not free it, and should presumably treat it as invalid
 * once the handle is modified or freed (confirm before caching).
 */
const struct ipt_entry *iptc_first_rule(const char *chain,
					struct iptc_handle *handle);

/* Rule following `prev' in its chain.  Returns NULL when rules run out. */
const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev,
				       struct iptc_handle *handle);

/*
 * Returns a pointer to the target name of this entry (for example one of
 * the IPTC_LABEL_* verdicts or a user-defined chain name).  The string is
 * owned by the library; treat it as read-only.
 */
const char *iptc_get_target(const struct ipt_entry *e,
			    struct iptc_handle *handle);

/*
 * Is this a built-in chain?  Non-zero if so.  Only built-in chains carry
 * a policy (see iptc_get_policy() / iptc_set_policy()).
 */
int iptc_builtin(const char *chain, struct iptc_handle *const handle);

/*
 * Get the policy of a given built-in chain, returned as its name.
 * `counter' is an output parameter -- NOTE(review): presumably it
 * receives the policy rule's packet/byte counters and may not accept
 * NULL; the header does not say, nor what is returned on error (NULL,
 * by analogy with iptc_check_packet()).  Confirm against the library.
 */
const char *iptc_get_policy(const char *chain,
			    struct ipt_counters *counter,
			    struct iptc_handle *handle);
     59 
/*
 * The modifying functions below return TRUE (non-zero) for OK, or 0 and
 * set errno.  If errno == 0 after a failure, it means there was a
 * version error (ie. upgrade libiptc); iptc_strerror() renders either
 * case readably.  Always check the return value: an ignored failure
 * leaves the ruleset different from what the caller believes it
 * installed, which for a firewall is a silent policy gap.  All changes
 * affect only the snapshot until iptc_commit().
 */
/* Rule numbers start at 1 for the first rule. */

/*
 * Insert the entry `e' in chain `chain' into position `rulenum'
 * (1-based); existing rules from that position on move down by one.
 */
int iptc_insert_entry(const ipt_chainlabel chain,
		      const struct ipt_entry *e,
		      unsigned int rulenum,
		      struct iptc_handle *handle);

/*
 * Atomically replace rule `rulenum' in `chain' with `e'.  NOTE(review):
 * "atomically" presumably means the rule is swapped in place within the
 * snapshot rather than deleted then re-inserted; the kernel only sees
 * the result at iptc_commit().
 */
int iptc_replace_entry(const ipt_chainlabel chain,
		       const struct ipt_entry *e,
		       unsigned int rulenum,
		       struct iptc_handle *handle);

/* Append entry `e' to chain `chain'.  Equivalent to insert with
   rulenum = length of chain. */
int iptc_append_entry(const ipt_chainlabel chain,
		      const struct ipt_entry *e,
		      struct iptc_handle *handle);

/*
 * Check whether a matching rule exists in `chain'; non-zero if found.
 * `matchmask' selects which bytes of `origfw' take part in the
 * comparison.  The original comment describes it only as an array of
 * length == origfw -- presumably the entry's total byte size, one mask
 * byte per entry byte; confirm before sizing it, since an undersized
 * mask would be read past its end.
 */
int iptc_check_entry(const ipt_chainlabel chain,
		      const struct ipt_entry *origfw,
		      unsigned char *matchmask,
		      struct iptc_handle *handle);

/* Delete the first rule in `chain' which matches `origfw', subject to
   matchmask (same meaning and sizing as in iptc_check_entry()). */
int iptc_delete_entry(const ipt_chainlabel chain,
		      const struct ipt_entry *origfw,
		      unsigned char *matchmask,
		      struct iptc_handle *handle);

/* Delete the rule in position `rulenum' (1-based) in `chain'. */
int iptc_delete_num_entry(const ipt_chainlabel chain,
			  unsigned int rulenum,
			  struct iptc_handle *handle);
     99 
/*
 * Check the packet described by `entry' on chain `chain'.  Returns the
 * verdict (a target name), or NULL and sets errno.  Unlike the other
 * entry parameters in this header, `entry' is not const -- assume the
 * library may write to it.
 */
const char *iptc_check_packet(const ipt_chainlabel chain,
			      struct ipt_entry *entry,
			      struct iptc_handle *handle);

/* Flushes the entries in the given chain (ie. empties chain).  The chain
   itself is kept; use iptc_delete_chain() to remove it. */
int iptc_flush_entries(const ipt_chainlabel chain,
		       struct iptc_handle *handle);

/* Zeroes the packet/byte counters of every rule in a chain. */
int iptc_zero_entries(const ipt_chainlabel chain,
		      struct iptc_handle *handle);

/* Creates a new (user-defined, empty) chain named `chain'. */
int iptc_create_chain(const ipt_chainlabel chain,
		      struct iptc_handle *handle);

/*
 * Deletes a chain.  NOTE(review): presumably fails while the chain is
 * still referenced (see iptc_get_references()) or still holds rules
 * (see iptc_flush_entries()); the header does not say, so check the
 * return value and errno rather than assuming.
 */
int iptc_delete_chain(const ipt_chainlabel chain,
		      struct iptc_handle *handle);

/* Renames a chain from `oldname' to `newname'. */
int iptc_rename_chain(const ipt_chainlabel oldname,
		      const ipt_chainlabel newname,
		      struct iptc_handle *handle);

/*
 * Sets the policy on a built-in chain.  In iptables terms the policy is
 * the verdict applied when no rule in the chain matches, so this is the
 * single most consequential setting in a ruleset: never ignore a 0
 * return here.  `policy' is presumably one of the IPTC_LABEL_* names;
 * `counters' -- NOTE(review): presumably the counters to install with
 * the policy, possibly NULL-able; confirm against the library.
 */
int iptc_set_policy(const ipt_chainlabel chain,
		    const ipt_chainlabel policy,
		    struct ipt_counters *counters,
		    struct iptc_handle *handle);

/* Get the number of references to this chain; the count is stored
   in *ref.  Returns in the same non-zero/0-with-errno convention. */
int iptc_get_references(unsigned int *ref,
			const ipt_chainlabel chain,
			struct iptc_handle *handle);

/*
 * Read packet and byte counters for a specific rule (1-based rulenum).
 * NOTE(review): the header does not state who owns the returned
 * pointer or whether NULL signals an error; presumably it points into
 * the handle's snapshot and must not be freed -- copy the struct out
 * rather than caching the pointer.
 */
struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain,
				       unsigned int rulenum,
				       struct iptc_handle *handle);

/* Zero packet and byte counters for a specific rule (1-based rulenum). */
int iptc_zero_counter(const ipt_chainlabel chain,
		      unsigned int rulenum,
		      struct iptc_handle *handle);

/* Set packet and byte counters for a specific rule (1-based rulenum)
   to the values in `counters'. */
int iptc_set_counter(const ipt_chainlabel chain,
		     unsigned int rulenum,
		     struct ipt_counters *counters,
		     struct iptc_handle *handle);
    153 
/*
 * Makes the actual changes: pushes the modified snapshot to the kernel.
 * Until this is called nothing in the kernel has changed, so a caller
 * that exits, or calls iptc_free(), without committing has altered
 * nothing -- and a caller that ignores a 0 return here has no idea
 * what the live ruleset is.  Presumably follows the same non-zero /
 * 0-with-errno convention as the other modifiers.  NOTE(review):
 * whether the handle stays usable after a commit is not stated here;
 * re-run iptc_init() for further work to be safe.
 */
int iptc_commit(struct iptc_handle *handle);

/*
 * Get raw socket.  NOTE(review): presumably the descriptor the library
 * uses to talk to netfilter; treat it as privileged -- do not close it
 * behind the library's back and do not let it leak across fork/exec
 * into less trusted code.
 */
int iptc_get_raw_socket(void);

/*
 * Translates errno numbers into more human-readable form than strerror.
 * Pass the errno value captured immediately after the failing call,
 * since later library or libc calls may overwrite it.
 */
const char *iptc_strerror(int err);

/* Debug helper: dumps the entries held by the handle.  Declared without a
   parameter name in the original; the single argument is the handle. */
extern void dump_entries(struct iptc_handle *const);
    164 
    165 #ifdef __cplusplus
    166 }
    167 #endif
    168 
    169 
    170 #endif /* _LIBIPTC_H */
    171