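/*
 * Declarations shared by the iptables command-line front ends: option flags,
 * per-address-family information, per-command parse state, the subcommand
 * table type and the xtables lock interface.
 */
#ifndef IPTABLES_XSHARED_H
#define IPTABLES_XSHARED_H 1

#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <netinet/in.h>
#include <net/if.h>
#include <sys/time.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>

/*
 * Option flags. Every value other than OPT_NONE is a distinct single bit, so
 * the flags can be OR-ed together and tested with a mask.
 * NOTE(review): presumably stored in iptables_command_state.options; confirm
 * against the callers.
 */
enum {
	OPT_NONE        = 0,
	OPT_NUMERIC     = 1 << 0,
	OPT_SOURCE      = 1 << 1,
	OPT_DESTINATION = 1 << 2,
	OPT_PROTOCOL    = 1 << 3,
	OPT_JUMP        = 1 << 4,
	OPT_VERBOSE     = 1 << 5,
	OPT_EXPANDED    = 1 << 6,
	OPT_VIANAMEIN   = 1 << 7,
	OPT_VIANAMEOUT  = 1 << 8,
	OPT_LINENUMBERS = 1 << 9,
	OPT_COUNTERS    = 1 << 10,
};

/* Only used through pointers in this header, so incomplete types suffice. */
struct xtables_globals;
struct xtables_rule_match;
struct xtables_target;

/**
 * xtables_afinfo - protocol family dependent information
 * @kmod:		kernel module basename (e.g. "ip_tables")
 * @proc_exists:	file which exists in procfs when module already loaded
 * @libprefix:		prefix of .so library name (e.g. "libipt_")
 * @family:		nfproto family
 * @ipproto:		used by setsockopt (e.g. IPPROTO_IP)
 * @so_rev_match:	optname to check revision support of match
 * @so_rev_target:	optname to check revision support of target
 */
struct xtables_afinfo {
	const char *kmod;
	const char *proc_exists;
	const char *libprefix;
	uint8_t family;
	uint8_t ipproto;
	int so_rev_match;
	int so_rev_target;
};

/**
 * iptables_command_state - state kept while a command line is processed
 *
 * NOTE(review): apart from the union layout, the field descriptions below are
 * read off the names and types in this header; confirm against the users.
 *
 * @fw, @fw6:	IPv4 and IPv6 rule entries. They share storage in an anonymous
 *		union, so writing one overwrites the other; only the member
 *		for the family being handled is meaningful.
 * @invert:	presumably the pending inversion ("!") flag
 * @c:		presumably the option character currently being handled
 * @options:	unsigned bit set, presumably of the OPT_* flags
 * @matches:	match extensions attached to the rule
 * @target:	target extension attached to the rule
 * @counters:	counters for the rule
 * @protocol:	protocol string; ownership is not visible from this header
 * @proto_used:	presumably whether a protocol extension was already loaded
 * @jumpto:	target name string; ownership is not visible from this header
 * @argv:	argument vector of the invocation
 * @restore:	presumably set when running in restore mode
 */
struct iptables_command_state {
	union {
		struct ipt_entry fw;
		struct ip6t_entry fw6;
	};
	int invert;
	int c;
	unsigned int options;
	struct xtables_rule_match *matches;
	struct xtables_target *target;
	struct xt_counters counters;
	char *protocol;
	int proto_used;
	const char *jumpto;
	char **argv;
	bool restore;
};

/* Entry point with the same shape as main(argc, argv). */
typedef int (*mainfunc_t)(int, char **);

/**
 * subcommand - pairs a command name with its entry point
 * @name:	name of the subcommand
 * @main:	function run for that subcommand
 */
struct subcommand {
	const char *name;
	mainfunc_t main;
};

/* Scale constant; its use is not shown in this header. */
enum {
	XT_OPTION_OFFSET_SCALE = 256,
};

extern void print_extension_helps(const struct xtables_target *,
	const struct xtables_rule_match *);
extern const char *proto_to_name(uint8_t, int);
extern int command_default(struct iptables_command_state *,
	struct xtables_globals *);
extern struct xtables_match *load_proto(struct iptables_command_state *);
/*
 * NOTE(review): takes a table of subcommands; presumably dispatches to the
 * entry whose name matches the invocation. How an unknown name is handled is
 * defined in the implementation, not here.
 */
extern int subcmd_main(int, char **, const struct subcommand *);
extern void xs_init_target(struct xtables_target *);
extern void xs_init_match(struct xtables_match *);

/**
 * Values for the iptables lock.
 *
 * A value >= 0 indicates the lock file descriptor. Other values are:
 *
 * XT_LOCK_UNSUPPORTED : The system does not support locking, execution will
 * proceed lockless.
 *
 * XT_LOCK_BUSY : The lock was held by another process. xtables_lock only
 * returns this value when |wait| == false. If |wait| == true, xtables_lock
 * will not return unless the lock has been acquired.
 *
 * XT_LOCK_NOT_ACQUIRED : We have not yet attempted to acquire the lock.
 *
 * Callers must test for >= 0 before treating the value as a descriptor: the
 * negative values are sentinels, not descriptors. In the XT_LOCK_UNSUPPORTED
 * case there is no mutual exclusion at all, so concurrent invocations can
 * interleave their rule-set updates; code that relies on the lock for
 * consistency has to handle that case explicitly.
 * NOTE(review): whether xtables_unlock() tolerates a negative sentinel is not
 * visible from this header; confirm in the implementation.
 */
enum {
	XT_LOCK_BUSY = -1,
	XT_LOCK_UNSUPPORTED = -2,
	XT_LOCK_NOT_ACQUIRED = -3,
};
extern int xtables_lock(int wait, struct timeval *tv);
extern void xtables_unlock(int lock);

/*
 * Command-line helpers operating on the caller's argc/argv. How the argument
 * text is parsed and range-checked is defined in the implementation and is
 * not visible from this header.
 */
int parse_wait_time(int argc, char *argv[]);
void parse_wait_interval(int argc, char *argv[], struct timeval *wait_interval);
bool xs_has_arg(int argc, char *argv[]);

/* Family information for the running tool; defined elsewhere. */
extern const struct xtables_afinfo *afinfo;

#endif /* IPTABLES_XSHARED_H */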