1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef _LIBIP6TC_H
3 #define _LIBIP6TC_H
4 /* Library which manipulates firewall rules. Version 0.2. */
5
6 #include <linux/types.h>
7 #include <libiptc/ipt_kernel_headers.h>
8 #ifdef __cplusplus
9 # include <climits>
10 #else
11 # include <limits.h> /* INT_MAX in ip6_tables.h */
12 #endif
13 #include <linux/netfilter_ipv6/ip6_tables.h>
14 #include <libiptc/xtcshared.h>
15
/* Compatibility aliases: the IPv6-specific names expand to the shared
 * xtc_handle / xt_chainlabel identifiers used by the prototypes in this
 * header (both presumably declared in <libiptc/xtcshared.h>, included
 * above). */
16 #define ip6tc_handle xtc_handle
17 #define ip6t_chainlabel xt_chainlabel
18
/* Verdict names as string constants. Presumably these are the strings
 * accepted as a policy by ip6tc_set_policy() and reported by
 * ip6tc_get_policy() / ip6tc_get_target() -- TODO confirm. */
19 #define IP6TC_LABEL_ACCEPT "ACCEPT"
20 #define IP6TC_LABEL_DROP "DROP"
21 #define IP6TC_LABEL_QUEUE "QUEUE"
22 #define IP6TC_LABEL_RETURN "RETURN"
23
24 /* Does this chain exist?
 *
 * Looks up `chain` by name through `handle`. Presumably returns nonzero
 * when the chain is present and 0 otherwise. This prototype sits above the
 * header's "TRUE for OK or 0 and set errno" note, so do not assume errno
 * is meaningful after a 0 result -- TODO confirm. */
25 int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle);
26
27 /* Take a snapshot of the rules. Returns NULL on error.
 *
 * `tablename` selects the table to read. The rule and chain calls in this
 * header all take the returned handle, so check it for NULL before use.
 * Edits made through the handle presumably reach the kernel only when
 * ip6tc_commit() succeeds. Release the handle with ip6tc_free(). */
28 struct xtc_handle *ip6tc_init(const char *tablename);
29
30 /* Cleanup after ip6tc_init().
 *
 * Releases the handle `h`; treat `h` and any pointer obtained through it
 * as invalid afterwards. Whether a NULL handle is accepted is not stated
 * here -- TODO confirm. */
31 void ip6tc_free(struct xtc_handle *h);
32
33 /* Iterator functions to run through the chains. Returns NULL at end.
 *
 * Call ip6tc_first_chain() once, then ip6tc_next_chain() until it returns
 * NULL. The iteration position is presumably kept inside `handle`, and the
 * returned name presumably points into the snapshot: copy it if it has to
 * outlive the handle or a later modification -- TODO confirm. */
34 const char *ip6tc_first_chain(struct xtc_handle *handle);
35 const char *ip6tc_next_chain(struct xtc_handle *handle);
36
37 /* Get first rule in the given chain: NULL for empty chain.
 *
 * The entry is returned as a pointer to const; changes go through the
 * insert/replace/delete calls declared later in this header. NULL is
 * documented only for an empty chain; the result for a chain name that
 * does not exist is not stated -- TODO confirm. */
38 const struct ip6t_entry *ip6tc_first_rule(const char *chain,
39 struct xtc_handle *handle);
40
41 /* Returns NULL when rules run out.
 *
 * `prev` is presumably the entry returned by ip6tc_first_rule() or by the
 * previous ip6tc_next_rule() call on the same handle; behaviour for any
 * other pointer is not documented here -- TODO confirm. */
42 const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
43 struct xtc_handle *handle);
44
45 /* Returns a pointer to the target name of this position.
 *
 * `e` is a rule entry, e.g. one obtained from ip6tc_first_rule() or
 * ip6tc_next_rule(). NOTE(review): the lifetime of the returned string is
 * not documented; assume it is valid only while `handle` is -- confirm. */
46 const char *ip6tc_get_target(const struct ip6t_entry *e,
47 struct xtc_handle *handle);
48
49 /* Is this a built-in chain?
 *
 * Presumably nonzero for a built-in chain and 0 for a user-defined or
 * unknown one -- TODO confirm. This header documents policies
 * (ip6tc_get_policy, ip6tc_set_policy) for built-in chains only. */
50 int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);
51
52 /* Get the policy of a given built-in chain.
 *
 * Returns the policy name. `counters` is a non-const pointer, presumably
 * filled with the chain's packet/byte counters. The result for a chain
 * that is not built-in is not stated (presumably NULL) -- TODO confirm. */
53 const char *ip6tc_get_policy(const char *chain,
54 struct xt_counters *counters,
55 struct xtc_handle *handle);
56
57 /* These functions return TRUE (nonzero) on success, or 0 on failure with errno set -- the reverse of the usual 0-on-success convention.
58 If errno == 0 after a failure, it means there was a version error (i.e. upgrade libiptc). */
59 /* Rule numbers start at 1 for the first rule. */
60
61 /* Insert the entry `e' in chain `chain' into position `rulenum'.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Rule order decides which rule a packet matches
 * first, so an off-by-one in `rulenum` silently changes the filtering
 * result. This header says numbering starts at 1 -- NOTE(review): confirm
 * the base against the implementation and its callers. The edit presumably
 * takes effect only after ip6tc_commit(). */
62 int ip6tc_insert_entry(const xt_chainlabel chain,
63 const struct ip6t_entry *e,
64 unsigned int rulenum,
65 struct xtc_handle *handle);
66
67 /* Atomically replace rule `rulenum' in `chain' with `e'.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). NOTE(review): confirm whether `rulenum` is
 * 0- or 1-based in the implementation; replacing the neighbouring rule by
 * mistake changes the ruleset without any error. */
68 int ip6tc_replace_entry(const xt_chainlabel chain,
69 const struct ip6t_entry *e,
70 unsigned int rulenum,
71 struct xtc_handle *handle);
72
73 /* Append entry `e' to chain `chain'. Equivalent to insert with
74 rulenum = length of chain.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). An appended rule is evaluated after every rule
 * already in the chain, so it has no effect on packets that an earlier
 * rule has already decided. */
75 int ip6tc_append_entry(const xt_chainlabel chain,
76 const struct ip6t_entry *e,
77 struct xtc_handle *handle);
78
79 /* Check whether a matching rule exists.
 *
 * Looks in `chain` for a rule matching `origfw`. `matchmask` presumably
 * marks which bytes of the entry take part in the comparison and must
 * then cover the whole entry -- TODO confirm the required length. Returns
 * nonzero when a match is found, 0 otherwise with errno set (the
 * convention stated in this header). */
80 int ip6tc_check_entry(const xt_chainlabel chain,
81 const struct ip6t_entry *origfw,
82 unsigned char *matchmask,
83 struct xtc_handle *handle);
84
85 /* Delete the first rule in `chain' which matches `origfw'.
 *
 * Only the first match is removed; identical rules later in the chain
 * stay in place. `matchmask` presumably marks which bytes of the entry are
 * compared and must then cover the whole entry -- TODO confirm. Returns
 * nonzero on success, 0 on failure with errno set (the convention stated
 * in this header). */
86 int ip6tc_delete_entry(const xt_chainlabel chain,
87 const struct ip6t_entry *origfw,
88 unsigned char *matchmask,
89 struct xtc_handle *handle);
90
91 /* Delete the rule in position `rulenum' in `chain'.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Deleting by position removes whatever rule is
 * at that index in the current snapshot. NOTE(review): confirm whether
 * `rulenum` is 0- or 1-based before using it. */
92 int ip6tc_delete_num_entry(const xt_chainlabel chain,
93 unsigned int rulenum,
94 struct xtc_handle *handle);
95
96 /* Check the packet described by the entry argument on chain `chain'.
97 Returns the verdict, or NULL and sets errno.
 *
 * The entry parameter is unnamed in this prototype (the comment used to
 * call it `fw'). NOTE(review): upstream libiptc has shipped this call as a
 * stub that always fails with ENOSYS -- confirm it is implemented before
 * relying on it to validate a ruleset. */
98 const char *ip6tc_check_packet(const xt_chainlabel chain,
99 struct ip6t_entry *,
100 struct xtc_handle *handle);
101
102 /* Flushes the entries in the given chain (ie. empties chain).
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Only the rules are removed; a built-in chain's
 * policy is set separately with ip6tc_set_policy(), so after a committed
 * flush that policy presumably decides every packet on the chain. */
103 int ip6tc_flush_entries(const xt_chainlabel chain,
104 struct xtc_handle *handle);
105
106 /* Zeroes the counters in a chain.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Counters are often used as audit evidence of
 * what a rule matched; read them first if the values are still needed. */
107 int ip6tc_zero_entries(const xt_chainlabel chain,
108 struct xtc_handle *handle);
109
110 /* Creates a new chain.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). xt_chainlabel is presumably a fixed-size
 * character array; as a parameter it is passed as a pointer, so the
 * compiler does not check the length. Reject names that do not fit
 * instead of truncating them -- TODO confirm the size in xtcshared.h. */
111 int ip6tc_create_chain(const xt_chainlabel chain,
112 struct xtc_handle *handle);
113
114 /* Deletes a chain.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Presumably fails for chains that are built-in,
 * still hold rules or are still referenced (see ip6tc_get_references) --
 * TODO confirm the exact conditions. */
115 int ip6tc_delete_chain(const xt_chainlabel chain,
116 struct xtc_handle *handle);
117
118 /* Renames a chain.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Both names are xt_chainlabel values, presumably
 * fixed-size character arrays: make sure `newname` fits and is
 * NUL-terminated -- TODO confirm the size in xtcshared.h. */
119 int ip6tc_rename_chain(const xt_chainlabel oldname,
120 const xt_chainlabel newname,
121 struct xtc_handle *handle);
122
123 /* Sets the policy on a built-in chain.
 *
 * `policy` is a verdict name, presumably one of the IP6TC_LABEL_*
 * constants defined in this header. `counters` presumably may be NULL to
 * leave the counters untouched -- TODO confirm. Returns nonzero on
 * success, 0 on failure with errno set (the convention stated in this
 * header); check it, since an unnoticed failure presumably leaves the
 * previous policy in force. */
124 int ip6tc_set_policy(const xt_chainlabel chain,
125 const xt_chainlabel policy,
126 struct xt_counters *counters,
127 struct xtc_handle *handle);
128
129 /* Get the number of references to this chain.
 *
 * The count is written through `ref`. The int result presumably follows
 * this header's convention (nonzero on success, 0 on failure with errno
 * set), so `*ref` should be read only after a nonzero return -- TODO
 * confirm. */
130 int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
131 struct xtc_handle *handle);
132
133 /* Read packet and byte counters for a specific rule.
 *
 * Returns a pointer to the counters of rule `rulenum` in `chain`.
 * Presumably NULL on failure with errno set, and presumably pointing into
 * storage owned by `handle` (do not free it) -- TODO confirm. The base of
 * `rulenum` (0 or 1) should be checked against the implementation. */
134 struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain,
135 unsigned int rulenum,
136 struct xtc_handle *handle);
137
138 /* Zero packet and byte counters for a specific rule.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). NOTE(review): confirm whether `rulenum` is
 * 0- or 1-based so the counters of the intended rule are the ones reset. */
139 int ip6tc_zero_counter(const xt_chainlabel chain,
140 unsigned int rulenum,
141 struct xtc_handle *handle);
142
143 /* Set packet and byte counters for a specific rule.
 *
 * Overwrites the counters of rule `rulenum` in `chain` with the values in
 * `counters`. Returns nonzero on success, 0 on failure with errno set (the
 * convention stated in this header). `counters` is a non-const pointer;
 * whether it is modified is not stated -- TODO confirm. */
144 int ip6tc_set_counter(const xt_chainlabel chain,
145 unsigned int rulenum,
146 struct xt_counters *counters,
147 struct xtc_handle *handle);
148
149 /* Makes the actual changes.
 *
 * Returns nonzero on success, 0 on failure with errno set (the convention
 * stated in this header). Until this call succeeds, edits made through
 * `handle` presumably exist only in the snapshot taken by ip6tc_init() and
 * the running ruleset is unchanged, so a caller that ignores the result
 * may assume rules are in force that are not. Whether the handle stays
 * usable afterwards is not stated here -- TODO confirm; ip6tc_free() is
 * the documented cleanup call. */
150 int ip6tc_commit(struct xtc_handle *handle);
151
152 /* Get raw socket.
 *
 * Takes no handle. NOTE(review): which socket is returned, who owns the
 * descriptor and what is returned on failure are not documented here --
 * confirm before closing, reusing or passing the descriptor on. */
153 int ip6tc_get_raw_socket(void);
154
155 /* Translates errno numbers into more human-readable form than strerror.
 *
 * `err` is an errno value, typically the one left by a failed call from
 * this header; per the note above the modifying functions, errno == 0
 * after a failure means a library/kernel version mismatch. The result is a
 * pointer to const char: do not modify or free it (ownership presumably
 * stays with the library -- TODO confirm). */
156 const char *ip6tc_strerror(int err);
157
/* Undocumented in the original header. Presumably a debugging aid that
 * prints the contents of the snapshot behind the handle -- TODO confirm
 * where the output goes and what it contains before enabling it in
 * production builds. */
158 extern void dump_entries6(struct xtc_handle *const);
159
/* Constant operations table of type struct xtc_ops (the type is presumably
 * declared in <libiptc/xtcshared.h>, included above). Presumably lets
 * address-family-independent code reach the ip6tc_* functions through one
 * interface -- TODO confirm which members it provides. */
160 extern const struct xtc_ops ip6tc_ops;
161
162 #endif /* _LIBIP6TC_H */