3
/* Library which manipulates filtering rules. */
5
#include <linux/types.h>
6
#include <libiptc/ipt_kernel_headers.h>
7
#include <linux/netfilter_ipv4/ip_tables.h>
14
/* ipt_entry has pointers and u_int64_t's in it, so if you align to
15
it, you'll also align to any crazy matches and targets someone
17
#define IPT_MIN_ALIGN (__alignof__(struct ipt_entry))
20
#define IPT_ALIGN(s) (((s) + ((IPT_MIN_ALIGN)-1)) & ~((IPT_MIN_ALIGN)-1))
22
typedef char ipt_chainlabel[32];
24
#define IPTC_LABEL_ACCEPT "ACCEPT"
25
#define IPTC_LABEL_DROP "DROP"
26
#define IPTC_LABEL_QUEUE "QUEUE"
27
#define IPTC_LABEL_RETURN "RETURN"
29
/* Transparent handle type. */
30
typedef struct iptc_handle *iptc_handle_t;
32
/* Does this chain exist? */
33
int iptc_is_chain(const char *chain, const iptc_handle_t handle);
35
/* Take a snapshot of the rules. Returns NULL on error. */
36
iptc_handle_t iptc_init(const char *tablename);
38
/* Cleanup after iptc_init(). */
39
void iptc_free(iptc_handle_t *h);
41
/* Iterator functions to run through the chains. Returns NULL at end. */
42
const char *iptc_first_chain(iptc_handle_t *handle);
43
const char *iptc_next_chain(iptc_handle_t *handle);
45
/* Get first rule in the given chain: NULL for empty chain. */
46
const struct ipt_entry *iptc_first_rule(const char *chain,
47
iptc_handle_t *handle);
49
/* Returns NULL when rules run out. */
50
const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev,
51
iptc_handle_t *handle);
53
/* Returns a pointer to the target name of this entry. */
54
const char *iptc_get_target(const struct ipt_entry *e,
55
iptc_handle_t *handle);
57
/* Is this a built-in chain? */
58
int iptc_builtin(const char *chain, const iptc_handle_t handle);
60
/* Get the policy of a given built-in chain */
61
const char *iptc_get_policy(const char *chain,
62
struct ipt_counters *counter,
63
iptc_handle_t *handle);
65
/* These functions return TRUE for OK or 0 and set errno. If errno ==
66
0, it means there was a version error (ie. upgrade libiptc). */
67
/* Rule numbers start at 1 for the first rule. */
69
/* Insert the entry `e' in chain `chain' into position `rulenum'. */
70
int iptc_insert_entry(const ipt_chainlabel chain,
71
const struct ipt_entry *e,
73
iptc_handle_t *handle);
75
/* Atomically replace rule `rulenum' in `chain' with `e'. */
76
int iptc_replace_entry(const ipt_chainlabel chain,
77
const struct ipt_entry *e,
79
iptc_handle_t *handle);
81
/* Append entry `e' to chain `chain'. Equivalent to insert with
82
rulenum = length of chain. */
83
int iptc_append_entry(const ipt_chainlabel chain,
84
const struct ipt_entry *e,
85
iptc_handle_t *handle);
87
/* Delete the first rule in `chain' which matches `e', subject to
88
matchmask (array of length == origfw) */
89
int iptc_delete_entry(const ipt_chainlabel chain,
90
const struct ipt_entry *origfw,
91
unsigned char *matchmask,
92
iptc_handle_t *handle);
94
/* Delete the rule in position `rulenum' in `chain'. */
95
int iptc_delete_num_entry(const ipt_chainlabel chain,
97
iptc_handle_t *handle);
99
/* Check the packet `e' on chain `chain'. Returns the verdict, or
100
NULL and sets errno. */
101
const char *iptc_check_packet(const ipt_chainlabel chain,
102
struct ipt_entry *entry,
103
iptc_handle_t *handle);
105
/* Flushes the entries in the given chain (ie. empties chain). */
106
int iptc_flush_entries(const ipt_chainlabel chain,
107
iptc_handle_t *handle);
109
/* Zeroes the counters in a chain. */
110
int iptc_zero_entries(const ipt_chainlabel chain,
111
iptc_handle_t *handle);
113
/* Creates a new chain. */
114
int iptc_create_chain(const ipt_chainlabel chain,
115
iptc_handle_t *handle);
117
/* Deletes a chain. */
118
int iptc_delete_chain(const ipt_chainlabel chain,
119
iptc_handle_t *handle);
121
/* Renames a chain. */
122
int iptc_rename_chain(const ipt_chainlabel oldname,
123
const ipt_chainlabel newname,
124
iptc_handle_t *handle);
126
/* Sets the policy on a built-in chain. */
127
int iptc_set_policy(const ipt_chainlabel chain,
128
const ipt_chainlabel policy,
129
struct ipt_counters *counters,
130
iptc_handle_t *handle);
132
/* Get the number of references to this chain */
133
int iptc_get_references(unsigned int *ref,
134
const ipt_chainlabel chain,
135
iptc_handle_t *handle);
137
/* read packet and byte counters for a specific rule */
138
struct ipt_counters *iptc_read_counter(const ipt_chainlabel chain,
139
unsigned int rulenum,
140
iptc_handle_t *handle);
142
/* zero packet and byte counters for a specific rule */
143
int iptc_zero_counter(const ipt_chainlabel chain,
144
unsigned int rulenum,
145
iptc_handle_t *handle);
147
/* set packet and byte counters for a specific rule */
148
int iptc_set_counter(const ipt_chainlabel chain,
149
unsigned int rulenum,
150
struct ipt_counters *counters,
151
iptc_handle_t *handle);
153
/* Makes the actual changes. */
154
int iptc_commit(iptc_handle_t *handle);
156
/* Get raw socket. */
157
int iptc_get_raw_socket();
159
/* Translates errno numbers into more human-readable form than strerror. */
160
const char *iptc_strerror(int err);
167
#endif /* _LIBIPTC_H */