#ifndef IPTABLES_XSHARED_H
#define IPTABLES_XSHARED_H 1
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <netinet/in.h>
#include <net/if.h>
#include <linux/netfilter_arp/arp_tables.h>
#include <linux/netfilter_ipv4/ip_tables.h>
#include <linux/netfilter_ipv6/ip6_tables.h>
/*
 * DEBUGP() - debug trace helper.
 *
 * With DEBUG defined the arguments are forwarded to fprintf(stderr, ...).
 * Without DEBUG the macro expands to nothing, so its arguments are not
 * evaluated at all; do not rely on side effects inside a DEBUGP() call.
 *
 * The first argument is used as the printf format string. Call sites should
 * pass a string literal there and hand any rule- or user-derived text over
 * as a "%s" argument instead.
 */
#ifndef DEBUG
#define DEBUGP(x, ...)
#else
#define DEBUGP(x, ...) fprintf(stderr, x, ##__VA_ARGS__)
#endif
/*
 * Option flags. Every non-zero enumerator is a distinct single bit, so the
 * values can be combined in one integer mask.
 */
enum {
	OPT_NONE        = 0x00000,
	OPT_NUMERIC     = 0x00001,	/* bit 0 */
	OPT_SOURCE      = 0x00002,	/* bit 1 */
	OPT_DESTINATION = 0x00004,	/* bit 2 */
	OPT_PROTOCOL    = 0x00008,	/* bit 3 */
	OPT_JUMP        = 0x00010,	/* bit 4 */
	OPT_VERBOSE     = 0x00020,	/* bit 5 */
	OPT_EXPANDED    = 0x00040,	/* bit 6 */
	OPT_VIANAMEIN   = 0x00080,	/* bit 7 */
	OPT_VIANAMEOUT  = 0x00100,	/* bit 8 */
	OPT_LINENUMBERS = 0x00200,	/* bit 9 */
	OPT_COUNTERS    = 0x00400,	/* bit 10 */

	/* the remaining flags are for arptables only */
	OPT_S_MAC       = 0x00800,	/* bit 11 */
	OPT_D_MAC       = 0x01000,	/* bit 12 */
	OPT_H_LENGTH    = 0x02000,	/* bit 13 */
	OPT_OPCODE      = 0x04000,	/* bit 14 */
	OPT_H_TYPE      = 0x08000,	/* bit 15 */
	OPT_P_TYPE      = 0x10000,	/* bit 16 */
};
/*
 * Command flags. Every non-zero enumerator is a distinct single bit
 * (bits 0 through 14).
 */
enum {
	CMD_NONE         = 0x0000,
	CMD_INSERT       = 0x0001,	/* bit 0 */
	CMD_DELETE       = 0x0002,	/* bit 1 */
	CMD_DELETE_NUM   = 0x0004,	/* bit 2 */
	CMD_REPLACE      = 0x0008,	/* bit 3 */
	CMD_APPEND       = 0x0010,	/* bit 4 */
	CMD_LIST         = 0x0020,	/* bit 5 */
	CMD_FLUSH        = 0x0040,	/* bit 6 */
	CMD_ZERO         = 0x0080,	/* bit 7 */
	CMD_NEW_CHAIN    = 0x0100,	/* bit 8 */
	CMD_DELETE_CHAIN = 0x0200,	/* bit 9 */
	CMD_SET_POLICY   = 0x0400,	/* bit 10 */
	CMD_RENAME_CHAIN = 0x0800,	/* bit 11 */
	CMD_LIST_RULES   = 0x1000,	/* bit 12 */
	CMD_ZERO_NUM     = 0x2000,	/* bit 13 */
	CMD_CHECK        = 0x4000,	/* bit 14 */
};

/*
 * The enum above has 16 enumerators when CMD_NONE is counted.
 * NOTE(review): presumably this sizes a per-command table elsewhere; any
 * index derived from a command bit has to stay below this value -- confirm
 * at the users, which are not part of this header.
 */
#define NUMBER_OF_CMD 16
/*
 * Forward declarations: this header refers to these types through pointers
 * only, so the full definitions are not needed here.
 */
struct xtables_globals;
struct xtables_rule_match;
struct xtables_target;
/**
 * struct xtables_afinfo - protocol family dependent information
 *
 * All three strings are const pointers that this structure does not own.
 *
 * NOTE(review): @kmod names a kernel module and @libprefix a shared-library
 * prefix; presumably both feed module/extension loading, so they should only
 * ever point at compile-time constants -- confirm at the definition sites.
 */
struct xtables_afinfo {
	const char *kmod;		/* kernel module basename (e.g. "ip_tables") */
	const char *proc_exists;	/* file which exists in procfs when module already loaded */
	const char *libprefix;		/* prefix of .so library name (e.g. "libipt_") */
	uint8_t family;			/* nfproto family */
	uint8_t ipproto;		/* used by setsockopt (e.g. IPPROTO_IP) */
	int so_rev_match;		/* optname to check revision support of match */
	int so_rev_target;		/* optname to check revision support of target */
};
/*
 * trick for ebtables-compat, since watchers are targets
 *
 * Singly linked list node holding either a match or a watcher. Both pointers
 * share the same storage through the union.
 * NOTE(review): ismatch presumably tells which union member is valid; read
 * u.match only when it is true and u.watcher only when it is false --
 * confirm against the code that fills the list.
 */
struct ebt_match {
	struct ebt_match *next;		/* next list node */
	union {
		struct xtables_match *match;
		struct xtables_target *watcher;
	} u;
	bool ismatch;
};
/*
 * Fake ebt_entry
 *
 * The four interface names are fixed IFNAMSIZ-byte buffers and the four MAC
 * address/mask fields are 6 bytes each.
 * NOTE(review): nothing in this header guarantees NUL termination of the
 * name buffers; writers should bound every copy to IFNAMSIZ and readers
 * should not assume a terminator -- confirm at the users.
 */
struct ebt_entry {
	unsigned int bitmask;		/* this needs to be the first field */
	unsigned int invflags;
	uint16_t ethproto;
	char in[IFNAMSIZ];		/* the physical in-dev */
	char logical_in[IFNAMSIZ];	/* the logical in-dev */
	char out[IFNAMSIZ];		/* the physical out-dev */
	char logical_out[IFNAMSIZ];	/* the logical out-dev */
	unsigned char sourcemac[6];
	unsigned char sourcemsk[6];
	unsigned char destmac[6];
	unsigned char destmsk[6];
};
/*
 * State carried while a command is being processed (inferred from the member
 * names; the code that uses it is not part of this header).
 */
struct iptables_command_state {
	/*
	 * Anonymous union: the members are accessed directly (cs->fw, cs->fw6,
	 * ...) and all share the same storage, so only one entry layout is
	 * meaningful at a time.
	 */
	union {
		struct ebt_entry eb;
		struct ipt_entry fw;
		struct ip6t_entry fw6;
		struct arpt_entry arp;
	};
	int invert;
	int c;
	unsigned int options;	/* presumably a mask of OPT_* bits -- TODO confirm */
	struct xtables_rule_match *matches;
	struct ebt_match *match_list;
	struct xtables_target *target;
	struct xt_counters counters;
	char *protocol;
	int proto_used;
	const char *jumpto;
	char **argv;
	bool restore;
};
/* Entry-point type with the same shape as main(argc, argv). */
typedef int (*mainfunc_t)(int, char **);

/*
 * Pairs a name with the entry point to run for it.
 * NOTE(review): subcmd_main() takes a pointer to these; presumably it selects
 * an entry by comparing a caller-supplied name, so the table should be a
 * fixed, const array -- confirm at the definition.
 */
struct subcommand {
	const char *name;	/* name the entry is selected by */
	mainfunc_t main;	/* function invoked for this entry */
};
/* Scale constant for option offsets; its users are not part of this header. */
enum { XT_OPTION_OFFSET_SCALE = 256 };
/*
 * Shared helper entry points; their definitions are not part of this header.
 * ("extern" is implicit on function declarations and is left out.)
 */
void print_extension_helps(const struct xtables_target *,
			   const struct xtables_rule_match *);
const char *proto_to_name(uint8_t, int);
int command_default(struct iptables_command_state *,
		    struct xtables_globals *);
struct xtables_match *load_proto(struct iptables_command_state *);
int subcmd_main(int, char **, const struct subcommand *);
void xs_init_target(struct xtables_target *);
void xs_init_match(struct xtables_match *);
/**
 * Values for the iptables lock.
 *
 * A value >= 0 is the lock file descriptor. The negative values are:
 *
 * XT_LOCK_FAILED: the lock could not be acquired.
 *
 * XT_LOCK_BUSY: the lock was held by another process. xtables_lock only
 * returns this value when |wait| == false. If |wait| == true, xtables_lock
 * will not return unless the lock has been acquired.
 *
 * XT_LOCK_NOT_ACQUIRED: no attempt to acquire the lock has been made yet.
 *
 * NOTE(review): this text speaks of xtables_lock and a boolean |wait|, while
 * the function declared below is xtables_lock_or_exit(int wait, ...);
 * confirm which wait values mean "do not block". Code that goes on to change
 * the ruleset should treat every negative value as "lock not held".
 */
enum {
	XT_LOCK_BUSY         = -1,
	XT_LOCK_FAILED       = -2,
	XT_LOCK_NOT_ACQUIRED = -3,
};

/* Lock entry points; "extern" is implicit on function declarations. */
void xtables_unlock(int lock);
int xtables_lock_or_exit(int wait, struct timeval *tv);
/*
 * Argument and counter parsing helpers; definitions are not part of this
 * header.
 * NOTE(review): these take command-line or rule text; presumably each one
 * rejects malformed or out-of-range numbers -- confirm in the definitions.
 */
int parse_wait_time(int argc, char *argv[]);
void parse_wait_interval(int argc, char *argv[],
			 struct timeval *wait_interval);
int parse_counters(const char *string, struct xt_counters *ctr);
bool tokenize_rule_counters(char **bufferp, char **pcnt, char **bcnt,
			    int line);
bool xs_has_arg(int argc, char *argv[]);

/* Pointer to a read-only family description; the object is defined elsewhere. */
extern const struct xtables_afinfo *afinfo;
/* Capacity of both arrays in struct argv_store. */
#define MAX_ARGC 255

/*
 * Fixed-capacity argument vector.
 *
 * NOTE(review): the arrays hold at most MAX_ARGC entries; every writer has
 * to refuse to store once argc reaches MAX_ARGC. The definitions of the
 * helpers below are not part of this header -- confirm the bound is checked
 * there, in particular for text that comes from a restore file.
 */
struct argv_store {
	int argc;			/* presumably the number of used slots -- TODO confirm */
	char *argv[MAX_ARGC];
	int argvattr[MAX_ARGC];		/* per-slot attribute, parallel to argv[] */
};

/* NOTE(review): free_argv() suggests the stored strings are heap copies; confirm ownership. */
void add_argv(struct argv_store *store, const char *what, int quoted);
void free_argv(struct argv_store *store);
void save_argv(struct argv_store *dst, struct argv_store *src);
void add_param_to_argv(struct argv_store *store, char *parsestart, int line);

/* Without DEBUG the call disappears entirely, arguments included. */
#ifndef DEBUG
# define debug_print_argv(...) /* nothing */
#else
void debug_print_argv(struct argv_store *store);
#endif
/* Address and interface printing; the entries are only read (const). */
void print_ipv4_addresses(const struct ipt_entry *fw, unsigned int format);
void print_ipv6_addresses(const struct ip6t_entry *fw6, unsigned int format);

void print_ifaces(const char *iniface, const char *outiface,
		  uint8_t invflags, unsigned int format);

/* Match/target handling on the command state. */
void command_match(struct iptables_command_state *cs);
const char *xt_parse_target(const char *targetname);
void command_jump(struct iptables_command_state *cs, const char *jumpto);

/*
 * Command bookkeeping.
 * NOTE(review): parse_rulenumber() takes rule text; presumably it rejects
 * non-numeric and out-of-range input -- confirm in the definition.
 */
char cmd2char(int option);
void add_command(unsigned int *cmd, const int newcmd, const int othercmds,
		 int invert);
int parse_rulenumber(const char *rule);
#endif /* IPTABLES_XSHARED_H */