]>
git.proxmox.com Git - mirror_iproute2.git/blob - include/libiptc/libip6tc.h
1 /* SPDX-License-Identifier: GPL-2.0 */
4 /* Library which manipulates firewall rules. Version 0.2. */
6 #include <linux/types.h>
7 #include <libiptc/ipt_kernel_headers.h>
11 # include <limits.h> /* INT_MAX in ip6_tables.h */
13 #include <linux/netfilter_ipv6/ip6_tables.h>
14 #include <libiptc/xtcshared.h>
16 #define ip6tc_handle xtc_handle
17 #define ip6t_chainlabel xt_chainlabel
19 #define IP6TC_LABEL_ACCEPT "ACCEPT"
20 #define IP6TC_LABEL_DROP "DROP"
21 #define IP6TC_LABEL_QUEUE "QUEUE"
22 #define IP6TC_LABEL_RETURN "RETURN"
24 /* Does this chain exist? */
25 int ip6tc_is_chain(const char *chain
, struct xtc_handle
*const handle
);
27 /* Take a snapshot of the rules. Returns NULL on error. */
28 struct xtc_handle
*ip6tc_init(const char *tablename
);
30 /* Cleanup after ip6tc_init(). */
31 void ip6tc_free(struct xtc_handle
*h
);
33 /* Iterator functions to run through the chains. Returns NULL at end. */
34 const char *ip6tc_first_chain(struct xtc_handle
*handle
);
35 const char *ip6tc_next_chain(struct xtc_handle
*handle
);
37 /* Get first rule in the given chain: NULL for empty chain. */
38 const struct ip6t_entry
*ip6tc_first_rule(const char *chain
,
39 struct xtc_handle
*handle
);
41 /* Returns NULL when rules run out. */
42 const struct ip6t_entry
*ip6tc_next_rule(const struct ip6t_entry
*prev
,
43 struct xtc_handle
*handle
);
45 /* Returns a pointer to the target name of this position. */
46 const char *ip6tc_get_target(const struct ip6t_entry
*e
,
47 struct xtc_handle
*handle
);
49 /* Is this a built-in chain? */
50 int ip6tc_builtin(const char *chain
, struct xtc_handle
*const handle
);
52 /* Get the policy of a given built-in chain */
53 const char *ip6tc_get_policy(const char *chain
,
54 struct xt_counters
*counters
,
55 struct xtc_handle
*handle
);
57 /* These functions return TRUE for OK or 0 and set errno. If errno ==
58 0, it means there was a version error (ie. upgrade libiptc). */
59 /* Rule numbers start at 1 for the first rule. */
61 /* Insert the entry `fw' in chain `chain' into position `rulenum'. */
62 int ip6tc_insert_entry(const xt_chainlabel chain
,
63 const struct ip6t_entry
*e
,
65 struct xtc_handle
*handle
);
67 /* Atomically replace rule `rulenum' in `chain' with `fw'. */
68 int ip6tc_replace_entry(const xt_chainlabel chain
,
69 const struct ip6t_entry
*e
,
71 struct xtc_handle
*handle
);
73 /* Append entry `fw' to chain `chain'. Equivalent to insert with
74 rulenum = length of chain. */
75 int ip6tc_append_entry(const xt_chainlabel chain
,
76 const struct ip6t_entry
*e
,
77 struct xtc_handle
*handle
);
79 /* Check whether a matching rule exists */
80 int ip6tc_check_entry(const xt_chainlabel chain
,
81 const struct ip6t_entry
*origfw
,
82 unsigned char *matchmask
,
83 struct xtc_handle
*handle
);
85 /* Delete the first rule in `chain' which matches `fw'. */
86 int ip6tc_delete_entry(const xt_chainlabel chain
,
87 const struct ip6t_entry
*origfw
,
88 unsigned char *matchmask
,
89 struct xtc_handle
*handle
);
91 /* Delete the rule in position `rulenum' in `chain'. */
92 int ip6tc_delete_num_entry(const xt_chainlabel chain
,
94 struct xtc_handle
*handle
);
96 /* Check the packet `fw' on chain `chain'. Returns the verdict, or
97 NULL and sets errno. */
98 const char *ip6tc_check_packet(const xt_chainlabel chain
,
100 struct xtc_handle
*handle
);
102 /* Flushes the entries in the given chain (ie. empties chain). */
103 int ip6tc_flush_entries(const xt_chainlabel chain
,
104 struct xtc_handle
*handle
);
106 /* Zeroes the counters in a chain. */
107 int ip6tc_zero_entries(const xt_chainlabel chain
,
108 struct xtc_handle
*handle
);
110 /* Creates a new chain. */
111 int ip6tc_create_chain(const xt_chainlabel chain
,
112 struct xtc_handle
*handle
);
114 /* Deletes a chain. */
115 int ip6tc_delete_chain(const xt_chainlabel chain
,
116 struct xtc_handle
*handle
);
118 /* Renames a chain. */
119 int ip6tc_rename_chain(const xt_chainlabel oldname
,
120 const xt_chainlabel newname
,
121 struct xtc_handle
*handle
);
123 /* Sets the policy on a built-in chain. */
124 int ip6tc_set_policy(const xt_chainlabel chain
,
125 const xt_chainlabel policy
,
126 struct xt_counters
*counters
,
127 struct xtc_handle
*handle
);
129 /* Get the number of references to this chain */
130 int ip6tc_get_references(unsigned int *ref
, const xt_chainlabel chain
,
131 struct xtc_handle
*handle
);
133 /* read packet and byte counters for a specific rule */
134 struct xt_counters
*ip6tc_read_counter(const xt_chainlabel chain
,
135 unsigned int rulenum
,
136 struct xtc_handle
*handle
);
138 /* zero packet and byte counters for a specific rule */
139 int ip6tc_zero_counter(const xt_chainlabel chain
,
140 unsigned int rulenum
,
141 struct xtc_handle
*handle
);
143 /* set packet and byte counters for a specific rule */
144 int ip6tc_set_counter(const xt_chainlabel chain
,
145 unsigned int rulenum
,
146 struct xt_counters
*counters
,
147 struct xtc_handle
*handle
);
149 /* Makes the actual changes. */
150 int ip6tc_commit(struct xtc_handle
*handle
);
152 /* Get raw socket. */
153 int ip6tc_get_raw_socket(void);
155 /* Translates errno numbers into more human-readable form than strerror. */
156 const char *ip6tc_strerror(int err
);
158 extern void dump_entries6(struct xtc_handle
*const);
160 extern const struct xtc_ops ip6tc_ops
;
162 #endif /* _LIBIP6TC_H */