* This file was imported from the iptables sources.
* Copyright (C) 1999-2008 Netfilter Core Team
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; only version 2 of the License is applicable.
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
/* Library which manipulates filtering rules. */
#include <linux/types.h>
#include "ipt_kernel_headers.h"
#include <linux/netfilter_ipv4/ip_tables.h>
/* Alignment unit for rule entries.  ipt_entry has pointers and u_int64_t's
   in it, so if you align to it, you'll also align to any crazy matches and
   targets someone [comment is cut off at this point in this rendering].
   __alignof__ is a GCC extension, not standard C. */
#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry))
/* Round `s' up to the next multiple of IPT_MIN_ALIGN.  The add-and-mask
   form is only correct when IPT_MIN_ALIGN is a power of two, and it does
   not guard against `s' wrapping near the top of its type; `s' is
   evaluated exactly once. */
#define IPT_ALIGN(s) (((s) + ((IPT_MIN_ALIGN)-1)) & ~((IPT_MIN_ALIGN)-1))
/* Chain name: a fixed 32-byte char buffer.  Presumably the library treats
   it as a NUL-terminated string, so a name plus its terminator must fit in
   32 bytes -- confirm against the library's own length checks before
   passing user-supplied names through. */
typedef char ipt_chainlabel[32];
/* String labels of the standard verdicts, as the library spells them;
   compare against these rather than repeating the literals. */
#define IPTC_LABEL_ACCEPT "ACCEPT"
#define IPTC_LABEL_DROP "DROP"
#define IPTC_LABEL_QUEUE "QUEUE"
#define IPTC_LABEL_RETURN "RETURN"
/* Transparent handle type: a pointer to struct iptc_handle, whose
   definition is not part of this header.  Note the typedef hides the
   indirection, so the `iptc_handle_t *' parameters below are really
   pointer-to-pointer. */
typedef struct iptc_handle *iptc_handle_t;
/* Does this chain exist?  Presumably returns non-zero when `chain' is
   present in the snapshot held by `handle'.  Takes the handle by value
   (const iptc_handle_t), unlike most functions below, which take
   iptc_handle_t *. */
int iptc_is_chain(const char *chain, const iptc_handle_t handle);
/* Take a snapshot of the rules of table `tablename'.  Returns NULL on
   error.  The returned handle is released with iptc_free(). */
iptc_handle_t iptc_init(const char *tablename);
/* Cleanup after iptc_init().  Takes the address of the handle variable;
   presumably the handle is invalid afterwards (it may be reset through
   `h') -- do not reuse it without a fresh iptc_init(). */
void iptc_free(iptc_handle_t *h);
/* Iterator functions to run through the chains.  iptc_first_chain() starts
   the walk and iptc_next_chain() continues it; both return NULL at the end.
   The non-const `iptc_handle_t *' suggests the iteration cursor lives in
   the handle -- confirm before interleaving two walks on one handle. */
const char *iptc_first_chain(iptc_handle_t *handle);
const char *iptc_next_chain(iptc_handle_t *handle);
/* Get the first rule in the given chain: NULL for an empty chain.  The
   entry is returned read-only (const); presumably it points into the
   handle's snapshot and is not owned by the caller. */
const struct ipt_entry *iptc_first_rule(const char *chain,
                                        iptc_handle_t *handle);
/* Get the rule following `prev' (an entry previously returned by
   iptc_first_rule()/iptc_next_rule()).  Returns NULL when rules run out. */
const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev,
                                       iptc_handle_t *handle);
/* Returns a pointer to the target name of entry `e'.  The result is a
   `const char *' the caller must neither modify nor free; where it points
   (snapshot or static storage) is not stated here, so confirm before
   caching it across a commit. */
const char *iptc_get_target(const struct ipt_entry *e,
                            iptc_handle_t *handle);
/* Is this a built-in chain?  Presumably returns non-zero for built-in
   chains.  Like iptc_is_chain(), takes the handle by value rather than by
   pointer. */
int iptc_builtin(const char *chain, const iptc_handle_t handle);
/* Get the policy of a given built-in chain: returns the policy's target
   name and writes the policy counters through `counter'.  NOTE(review):
   behaviour for a non-built-in `chain' and for a NULL `counter' is not
   documented here -- confirm before relying on either. */
const char *iptc_get_policy(const char *chain,
                            struct ipt_counters *counter,
                            iptc_handle_t *handle);
/* These functions return TRUE for OK, or 0 and set errno.  If errno == 0,
   it means there was a version error (ie. upgrade libiptc) -- so a failing
   caller must treat a 0 return with errno == 0 as a version mismatch, not
   as an ordinary error. */
/* Rule numbers start at 1 for the first rule. */

/* Insert the entry `e' in chain `chain' into position `rulenum'.
   NOTE(review): this rendering skips a source line between `e' and
   `handle' (gutter 89 -> 91); the `rulenum' parameter named in this
   comment is presumably declared there -- confirm against the original
   header. */
int iptc_insert_entry(const ipt_chainlabel chain,
                      const struct ipt_entry *e,
                      iptc_handle_t *handle);
/* Atomically replace rule `rulenum' in `chain' with `e'.
   NOTE(review): this rendering skips a source line between `e' and
   `handle' (gutter 95 -> 97); the `rulenum' parameter named in this
   comment is presumably declared there -- confirm against the original
   header. */
int iptc_replace_entry(const ipt_chainlabel chain,
                       const struct ipt_entry *e,
                       iptc_handle_t *handle);
/* Append entry `e' to chain `chain'.  Equivalent to insert with
   rulenum = length of chain.  Return convention as described above
   (TRUE, or 0 with errno set). */
int iptc_append_entry(const ipt_chainlabel chain,
                      const struct ipt_entry *e,
                      iptc_handle_t *handle);
/* Delete the first rule in `chain' which matches `origfw', subject to
   `matchmask' (array of length == origfw).  The original wording is
   ambiguous: presumably `matchmask' has one byte per byte of the entry
   (its total size, i.e. origfw->next_offset) -- confirm.  `matchmask' is
   not const-qualified although only reading it would be expected; treat
   it as read-only on the caller side regardless. */
int iptc_delete_entry(const ipt_chainlabel chain,
                      const struct ipt_entry *origfw,
                      unsigned char *matchmask,
                      iptc_handle_t *handle);
/* Delete the rule in position `rulenum' in `chain'.  Rule numbers are
   1-based (see the convention comment above). */
int iptc_delete_num_entry(const ipt_chainlabel chain,
                          unsigned int rulenum,
                          iptc_handle_t *handle);
/* Check the packet described by `entry' on chain `chain'.  Returns the
   verdict, or NULL and sets errno.  `entry' is passed as a non-const
   pointer, which suggests the call may modify it -- confirm before passing
   a shared or caller-owned entry. */
const char *iptc_check_packet(const ipt_chainlabel chain,
                              struct ipt_entry *entry,
                              iptc_handle_t *handle);
/* Flushes the entries in the given chain (ie. empties the chain).
   Returns TRUE, or 0 with errno set. */
int iptc_flush_entries(const ipt_chainlabel chain,
                       iptc_handle_t *handle);
/* Zeroes the counters of every rule in `chain'.  Returns TRUE, or 0 with
   errno set. */
int iptc_zero_entries(const ipt_chainlabel chain,
                      iptc_handle_t *handle);
/* Creates a new (user-defined) chain named `chain'.  Returns TRUE, or 0
   with errno set. */
int iptc_create_chain(const ipt_chainlabel chain,
                      iptc_handle_t *handle);
/* Deletes chain `chain'.  Returns TRUE, or 0 with errno set; the
   preconditions (e.g. whether the chain must be empty or unreferenced) are
   not stated here -- see iptc_get_references(). */
int iptc_delete_chain(const ipt_chainlabel chain,
                      iptc_handle_t *handle);
/* Renames chain `oldname' to `newname'.  Returns TRUE, or 0 with errno
   set. */
int iptc_rename_chain(const ipt_chainlabel oldname,
                      const ipt_chainlabel newname,
                      iptc_handle_t *handle);
/* Sets the policy on built-in chain `chain' to the target named `policy',
   with `counters' supplying the policy counters.  Whether `counters' may
   be NULL is not stated here -- confirm.  Returns TRUE, or 0 with errno
   set. */
int iptc_set_policy(const ipt_chainlabel chain,
                    const ipt_chainlabel policy,
                    struct ipt_counters *counters,
                    iptc_handle_t *handle);
/* Get the number of references to chain `chain', written through `ref'.
   Note the out-parameter comes first, unlike the other iptc_* calls.
   Returns TRUE, or 0 with errno set. */
int iptc_get_references(unsigned int *ref,
                        const ipt_chainlabel chain,
                        iptc_handle_t *handle);
/* Read the packet and byte counters of rule `rulenum' (1-based) in
   `chain'.  Returns a pointer to the counters; presumably it points into
   the handle's snapshot and is NULL on error -- confirm, and do not free
   it. */
struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain,
                                       unsigned int rulenum,
                                       iptc_handle_t *handle);
/* Zero the packet and byte counters of rule `rulenum' (1-based) in
   `chain'.  Returns TRUE, or 0 with errno set. */
int iptc_zero_counter(const ipt_chainlabel chain,
                      unsigned int rulenum,
                      iptc_handle_t *handle);
/* Set the packet and byte counters of rule `rulenum' (1-based) in `chain'
   to the values in `counters'.  Returns TRUE, or 0 with errno set. */
int iptc_set_counter(const ipt_chainlabel chain,
                     unsigned int rulenum,
                     struct ipt_counters *counters,
                     iptc_handle_t *handle);
/* Makes the actual changes.  Presumably the modifications made through
   the handle since iptc_init() are only applied to the kernel here, so a
   caller that skips iptc_commit() changes nothing (inferred -- confirm).
   Returns TRUE, or 0 with errno set. */
int iptc_commit(iptc_handle_t *handle);
/* Get the raw socket used by the library.  Returns a descriptor; whether
   the caller owns it (may close it) is not stated here -- confirm before
   closing it. */
int iptc_get_raw_socket(void);
/* Translates errno numbers into a more human-readable form than
   strerror().  Pass the errno value saved immediately after the failing
   iptc_* call, since later library calls may overwrite it. */
const char *iptc_strerror(int err);
/* Presumably a debugging aid that prints the entries of the snapshot.
   Unlike the iptc_* API it is declared `extern', takes the handle by
   value, and omits the parameter name. */
extern void dump_entries(const iptc_handle_t);
#endif /* _LIBIPTC_H */