/*
 * libip6tc public interface: snapshot an ip6tables table into an
 * ip6tc_handle, inspect or edit chains and rules on that snapshot, and
 * push the result back with ip6tc_commit().
 *
 * NOTE(review): the guard name `_LIBIP6TC_H' (leading underscore plus an
 * uppercase letter) is in the namespace reserved for the implementation;
 * it is kept as-is because other headers may test for it.
 */
#ifndef _LIBIP6TC_H
#define _LIBIP6TC_H
/* Library which manipulates firewall rules. Version 0.2. */

#include <linux/types.h>
#include <libiptc/ipt_kernel_headers.h>
#ifdef __cplusplus
# include <climits>
#else
# include <limits.h> /* INT_MAX in ip6_tables.h */
#endif
#include <linux/netfilter_ipv6/ip6_tables.h>

/*
 * Alignment of rule entries. IP6T_ALIGN(s) rounds s up to the next
 * multiple of IP6T_MIN_ALIGN; the add-then-mask form only works when
 * IP6T_MIN_ALIGN is a power of two, which __alignof__ guarantees.
 * Sizes passed to IP6T_ALIGN close to the type's maximum would wrap in
 * the addition, so callers should validate untrusted sizes first.
 */
#ifndef IP6T_MIN_ALIGN
#define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
#endif
#define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))

/* Opaque table snapshot; created by ip6tc_init(), released by ip6tc_free(). */
struct ip6tc_handle;

/*
 * Chain name as a fixed 32-byte array. Presumably the name must be
 * NUL-terminated within those 32 bytes, so callers building labels from
 * external input should bound the copy (e.g. snprintf) — confirm against
 * the libiptc implementation.
 */
typedef char ip6t_chainlabel[32];

/* Names of the built-in verdicts, usable where a target or policy name is expected. */
#define IP6TC_LABEL_ACCEPT "ACCEPT"
#define IP6TC_LABEL_DROP "DROP"
#define IP6TC_LABEL_QUEUE "QUEUE"
#define IP6TC_LABEL_RETURN "RETURN"

/* Does this chain exist? Non-zero if `chain' is present in the snapshot. */
int ip6tc_is_chain(const char *chain, struct ip6tc_handle *const handle);

/*
 * Take a snapshot of the rules of table `tablename'. Returns NULL on
 * error (errno is set). Edits made through the returned handle are not
 * visible to the kernel until ip6tc_commit().
 */
struct ip6tc_handle *ip6tc_init(const char *tablename);

/* Cleanup after ip6tc_init(): releases the handle; `h' must not be used afterwards. */
void ip6tc_free(struct ip6tc_handle *h);

/* Iterator functions to run through the chains. Returns NULL at end. */
const char *ip6tc_first_chain(struct ip6tc_handle *handle);
const char *ip6tc_next_chain(struct ip6tc_handle *handle);

/* Get first rule in the given chain: NULL for empty chain. */
const struct ip6t_entry *ip6tc_first_rule(const char *chain,
					  struct ip6tc_handle *handle);

/* Returns the rule following `prev', or NULL when rules run out. */
const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
					 struct ip6tc_handle *handle);

/* Returns a pointer to the target name of the rule `e'. */
const char *ip6tc_get_target(const struct ip6t_entry *e,
			     struct ip6tc_handle *handle);

/* Is this a built-in chain? Non-zero for built-in chains. */
int ip6tc_builtin(const char *chain, struct ip6tc_handle *const handle);

/*
 * Get the policy of a given built-in chain. If `counters' is non-NULL the
 * policy's counters are presumably copied into it — confirm against the
 * implementation.
 */
const char *ip6tc_get_policy(const char *chain,
			     struct ip6t_counters *counters,
			     struct ip6tc_handle *handle);

/* These functions return TRUE for OK or 0 and set errno. If errno ==
   0, it means there was a version error (ie. upgrade libiptc). */
/* Rule numbers start at 1 for the first rule. */

/* Insert the entry `e' in chain `chain' into position `rulenum'. */
int ip6tc_insert_entry(const ip6t_chainlabel chain,
		       const struct ip6t_entry *e,
		       unsigned int rulenum,
		       struct ip6tc_handle *handle);

/* Atomically replace rule `rulenum' in `chain' with `e'. */
int ip6tc_replace_entry(const ip6t_chainlabel chain,
			const struct ip6t_entry *e,
			unsigned int rulenum,
			struct ip6tc_handle *handle);

/* Append entry `e' to chain `chain'. Equivalent to insert with
   rulenum = length of chain. */
int ip6tc_append_entry(const ip6t_chainlabel chain,
		       const struct ip6t_entry *e,
		       struct ip6tc_handle *handle);

/*
 * Delete the first rule in `chain' which matches `origfw'. `matchmask'
 * selects which bytes of the entry take part in the comparison; it is
 * assumed to cover the whole entry (origfw->next_offset bytes) — confirm
 * against the libiptc implementation before sizing it.
 */
int ip6tc_delete_entry(const ip6t_chainlabel chain,
		       const struct ip6t_entry *origfw,
		       unsigned char *matchmask,
		       struct ip6tc_handle *handle);

/* Delete the rule in position `rulenum' in `chain'. */
int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
			   unsigned int rulenum,
			   struct ip6tc_handle *handle);

/* Check the packet described by the unnamed ip6t_entry argument on chain
   `chain'. Returns the verdict, or NULL and sets errno. */
const char *ip6tc_check_packet(const ip6t_chainlabel chain,
			       struct ip6t_entry *,
			       struct ip6tc_handle *handle);

/* Flushes the entries in the given chain (ie. empties chain). */
int ip6tc_flush_entries(const ip6t_chainlabel chain,
			struct ip6tc_handle *handle);

/* Zeroes the counters in a chain. */
int ip6tc_zero_entries(const ip6t_chainlabel chain,
		       struct ip6tc_handle *handle);

/* Creates a new chain. */
int ip6tc_create_chain(const ip6t_chainlabel chain,
		       struct ip6tc_handle *handle);

/* Deletes a chain. */
int ip6tc_delete_chain(const ip6t_chainlabel chain,
		       struct ip6tc_handle *handle);

/* Renames a chain. */
int ip6tc_rename_chain(const ip6t_chainlabel oldname,
		       const ip6t_chainlabel newname,
		       struct ip6tc_handle *handle);

/* Sets the policy on a built-in chain; `counters' optionally supplies the
   policy's new counters (NULL semantics: confirm against implementation). */
int ip6tc_set_policy(const ip6t_chainlabel chain,
		     const ip6t_chainlabel policy,
		     struct ip6t_counters *counters,
		     struct ip6tc_handle *handle);

/* Get the number of references to this chain, stored through `ref'. */
int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
			 struct ip6tc_handle *handle);

/* read packet and byte counters for a specific rule; returns NULL on error.
   Ownership of the returned pointer (caller frees or handle-owned) is not
   stated here — check the implementation before freeing it. */
struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
					 unsigned int rulenum,
					 struct ip6tc_handle *handle);

/* zero packet and byte counters for a specific rule */
int ip6tc_zero_counter(const ip6t_chainlabel chain,
		       unsigned int rulenum,
		       struct ip6tc_handle *handle);

/* set packet and byte counters for a specific rule */
int ip6tc_set_counter(const ip6t_chainlabel chain,
		      unsigned int rulenum,
		      struct ip6t_counters *counters,
		      struct ip6tc_handle *handle);

/* Makes the actual changes: pushes everything edited through `handle'
   since ip6tc_init() to the kernel. */
int ip6tc_commit(struct ip6tc_handle *handle);

/* Get raw socket used to talk to the kernel. Opening it presumably needs
   elevated privileges (CAP_NET_ADMIN) — confirm against the implementation. */
int ip6tc_get_raw_socket(void);

/* Translates errno numbers into more human-readable form than strerror. */
const char *ip6tc_strerror(int err);

/* Return prefix length, or -1 if not contiguous (mask has a hole). */
int ipv6_prefix_length(const struct in6_addr *a);

/* Debug helper: dumps the entries of the given handle (destination not
   stated here; presumably stdout). */
extern void dump_entries6(struct ip6tc_handle *const);

#endif /* _LIBIP6TC_H */