Commit | Line | Data |
---|---|---|
6054c1eb | 1 | /* SPDX-License-Identifier: GPL-2.0 */ |
1ffd7fd2 | 2 | #ifndef _LIBIP6TC_H |
3 | #define _LIBIP6TC_H | |
4 | /* Library which manipulates firewall rules. Version 0.2. */ | |
5 | ||
5cd1adba | 6 | #include <linux/types.h> |
1ffd7fd2 | 7 | #include <libiptc/ipt_kernel_headers.h> |
5cd1adba SH |
8 | #ifdef __cplusplus |
9 | # include <climits> | |
10 | #else | |
11 | # include <limits.h> /* INT_MAX in ip6_tables.h */ | |
1ffd7fd2 | 12 | #endif |
5cd1adba SH |
13 | #include <linux/netfilter_ipv6/ip6_tables.h> |
14 | #include <libiptc/xtcshared.h> | |
1ffd7fd2 | 15 | |
5cd1adba SH |
16 | #define ip6tc_handle xtc_handle |
17 | #define ip6t_chainlabel xt_chainlabel | |
1ffd7fd2 | 18 | |
19 | #define IP6TC_LABEL_ACCEPT "ACCEPT" | |
20 | #define IP6TC_LABEL_DROP "DROP" | |
21 | #define IP6TC_LABEL_QUEUE "QUEUE" | |
22 | #define IP6TC_LABEL_RETURN "RETURN" | |
23 | ||
1ffd7fd2 | 24 | /* Does this chain exist? */ |
5cd1adba | 25 | int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle); |
1ffd7fd2 | 26 | |
27 | /* Take a snapshot of the rules. Returns NULL on error, so check the result before use; release the handle with ip6tc_free(). */ | |
5cd1adba | 28 | struct xtc_handle *ip6tc_init(const char *tablename); |
1ffd7fd2 | 29 | |
30 | /* Cleanup after ip6tc_init(). */ | |
5cd1adba | 31 | void ip6tc_free(struct xtc_handle *h); |
1ffd7fd2 | 32 | |
33 | /* Iterator functions to run through the chains. Returns NULL at end. */ | |
5cd1adba SH |
34 | const char *ip6tc_first_chain(struct xtc_handle *handle); |
35 | const char *ip6tc_next_chain(struct xtc_handle *handle); | |
1ffd7fd2 | 36 | |
37 | /* Get first rule in the given chain: NULL for empty chain. */ | |
38 | const struct ip6t_entry *ip6tc_first_rule(const char *chain, | |
5cd1adba | 39 | struct xtc_handle *handle); |
1ffd7fd2 | 40 | |
41 | /* Returns NULL when rules run out. */ | |
42 | const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev, | |
5cd1adba | 43 | struct xtc_handle *handle); |
1ffd7fd2 | 44 | |
45 | /* Returns a pointer to the target name of this position. */ | |
46 | const char *ip6tc_get_target(const struct ip6t_entry *e, | |
5cd1adba | 47 | struct xtc_handle *handle); |
1ffd7fd2 | 48 | |
49 | /* Is this a built-in chain? */ | |
5cd1adba | 50 | int ip6tc_builtin(const char *chain, struct xtc_handle *const handle); |
1ffd7fd2 | 51 | |
52 | /* Get the policy of a given built-in chain */ | |
53 | const char *ip6tc_get_policy(const char *chain, | |
5cd1adba SH |
54 | struct xt_counters *counters, |
55 | struct xtc_handle *handle); | |
1ffd7fd2 | 56 | |
57 | /* These functions return TRUE on success, or return 0 and set errno on failure. If errno == | |
58 | 0 after a failure, it means there was a version error (ie. upgrade libiptc). */ | |
59 | /* Rule numbers start at 1 for the first rule. */ | |
60 | ||
61 | /* Insert the entry `e' in chain `chain' into position `rulenum'. */ | |
5cd1adba | 62 | int ip6tc_insert_entry(const xt_chainlabel chain, |
1ffd7fd2 | 63 | const struct ip6t_entry *e, |
64 | unsigned int rulenum, | |
5cd1adba | 65 | struct xtc_handle *handle); |
1ffd7fd2 | 66 | |
67 | /* Atomically replace rule `rulenum' in `chain' with `e'. */ | |
5cd1adba | 68 | int ip6tc_replace_entry(const xt_chainlabel chain, |
1ffd7fd2 | 69 | const struct ip6t_entry *e, |
70 | unsigned int rulenum, | |
5cd1adba | 71 | struct xtc_handle *handle); |
1ffd7fd2 | 72 | |
73 | /* Append entry `e' to chain `chain'. Equivalent to insert with | |
74 | rulenum = length of chain. */ | |
5cd1adba | 75 | int ip6tc_append_entry(const xt_chainlabel chain, |
1ffd7fd2 | 76 | const struct ip6t_entry *e, |
5cd1adba SH |
77 | struct xtc_handle *handle); |
78 | ||
79 | /* Check whether a matching rule exists */ | |
80 | int ip6tc_check_entry(const xt_chainlabel chain, | |
81 | const struct ip6t_entry *origfw, | |
82 | unsigned char *matchmask, | |
83 | struct xtc_handle *handle); | |
1ffd7fd2 | 84 | |
85 | /* Delete the first rule in `chain' which matches `origfw'. */ | |
5cd1adba | 86 | int ip6tc_delete_entry(const xt_chainlabel chain, |
1ffd7fd2 | 87 | const struct ip6t_entry *origfw, |
88 | unsigned char *matchmask, | |
5cd1adba | 89 | struct xtc_handle *handle); |
1ffd7fd2 | 90 | |
91 | /* Delete the rule in position `rulenum' in `chain'. */ | |
5cd1adba | 92 | int ip6tc_delete_num_entry(const xt_chainlabel chain, |
1ffd7fd2 | 93 | unsigned int rulenum, |
5cd1adba | 94 | struct xtc_handle *handle); |
1ffd7fd2 | 95 | |
96 | /* Check the packet (the unnamed ip6t_entry argument) on chain `chain'. Returns the verdict, or | |
97 | returns NULL and sets errno. */ | |
5cd1adba | 98 | const char *ip6tc_check_packet(const xt_chainlabel chain, |
1ffd7fd2 | 99 | struct ip6t_entry *, |
5cd1adba | 100 | struct xtc_handle *handle); |
1ffd7fd2 | 101 | |
102 | /* Flushes the entries in the given chain (ie. empties chain). */ | |
5cd1adba SH |
103 | int ip6tc_flush_entries(const xt_chainlabel chain, |
104 | struct xtc_handle *handle); | |
1ffd7fd2 | 105 | |
106 | /* Zeroes the counters in a chain. */ | |
5cd1adba SH |
107 | int ip6tc_zero_entries(const xt_chainlabel chain, |
108 | struct xtc_handle *handle); | |
1ffd7fd2 | 109 | |
110 | /* Creates a new chain. */ | |
5cd1adba SH |
111 | int ip6tc_create_chain(const xt_chainlabel chain, |
112 | struct xtc_handle *handle); | |
1ffd7fd2 | 113 | |
114 | /* Deletes a chain. */ | |
5cd1adba SH |
115 | int ip6tc_delete_chain(const xt_chainlabel chain, |
116 | struct xtc_handle *handle); | |
1ffd7fd2 | 117 | |
118 | /* Renames a chain. */ | |
5cd1adba SH |
119 | int ip6tc_rename_chain(const xt_chainlabel oldname, |
120 | const xt_chainlabel newname, | |
121 | struct xtc_handle *handle); | |
1ffd7fd2 | 122 | |
123 | /* Sets the policy on a built-in chain. */ | |
5cd1adba SH |
124 | int ip6tc_set_policy(const xt_chainlabel chain, |
125 | const xt_chainlabel policy, | |
126 | struct xt_counters *counters, | |
127 | struct xtc_handle *handle); | |
1ffd7fd2 | 128 | |
129 | /* Get the number of references to this chain */ | |
5cd1adba SH |
130 | int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain, |
131 | struct xtc_handle *handle); | |
1ffd7fd2 | 132 | |
133 | /* read packet and byte counters for a specific rule */ | |
5cd1adba | 134 | struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain, |
1ffd7fd2 | 135 | unsigned int rulenum, |
5cd1adba | 136 | struct xtc_handle *handle); |
1ffd7fd2 | 137 | |
138 | /* zero packet and byte counters for a specific rule */ | |
5cd1adba | 139 | int ip6tc_zero_counter(const xt_chainlabel chain, |
1ffd7fd2 | 140 | unsigned int rulenum, |
5cd1adba | 141 | struct xtc_handle *handle); |
1ffd7fd2 | 142 | |
143 | /* set packet and byte counters for a specific rule */ | |
5cd1adba | 144 | int ip6tc_set_counter(const xt_chainlabel chain, |
1ffd7fd2 | 145 | unsigned int rulenum, |
5cd1adba SH |
146 | struct xt_counters *counters, |
147 | struct xtc_handle *handle); | |
1ffd7fd2 | 148 | |
149 | /* Makes the actual changes: edits made through the handle take effect only if this succeeds, so check the return value. */ | |
5cd1adba | 150 | int ip6tc_commit(struct xtc_handle *handle); |
1ffd7fd2 | 151 | |
152 | /* Get raw socket. */ | |
5cd1adba | 153 | int ip6tc_get_raw_socket(void); |
1ffd7fd2 | 154 | |
155 | /* Translates errno numbers into more human-readable form than strerror. */ | |
156 | const char *ip6tc_strerror(int err); | |
157 | ||
5cd1adba SH |
158 | extern void dump_entries6(struct xtc_handle *const); |
159 | ||
160 | extern const struct xtc_ops ip6tc_ops; | |
1ffd7fd2 | 161 | |
162 | #endif /* _LIBIP6TC_H */ |