#ifndef _NFT_SHARED_H_
#define _NFT_SHARED_H_

#include <stdbool.h>

#include <libnftnl/rule.h>
#include <libnftnl/expr.h>
#include <libnftnl/chain.h>

#include <linux/netfilter_arp/arp_tables.h>
#include <linux/netfilter/nf_tables.h>

/*
 * NOTE(review): uint*_t and FILE are used below but <stdint.h> and
 * <stdio.h> are not included here; they are presumably pulled in through
 * the headers above (xshared.h / libnftnl) — confirm before reordering includes.
 */
#include "xshared.h"
#include "nft-ruleparse.h"

/* DEBUG_DEL is only ever defined as a side effect of a DEBUG build. */
#ifdef DEBUG
#define DEBUG_DEL
#endif

/*
 * iptables print output emulation
 *
 * Bit flags combined into the `unsigned int format` argument taken by
 * print_header(), print_rule(), save_rule() and the *_matches_and_target()
 * helpers declared in this header.
 */

#define FMT_NUMERIC 0x0001
#define FMT_NOCOUNTS 0x0002
#define FMT_KILOMEGAGIGA 0x0004
#define FMT_OPTIONS 0x0008
#define FMT_NOTABLE 0x0010
#define FMT_NOTARGET 0x0020
#define FMT_VIA 0x0040
#define FMT_NONEWLINE 0x0080
#define FMT_LINENUMBERS 0x0100

/* Flag set used when printing a rule (numeric, no counters, with options). */
#define FMT_PRINT_RULE (FMT_NOCOUNTS | FMT_OPTIONS | FMT_VIA \
 | FMT_NUMERIC | FMT_NOTABLE)
/*
 * Selects `notab` when FMT_NOTABLE is set, else `tab`.
 * `format` is NOT a macro parameter: the expansion reads a variable named
 * `format` that must be in scope at the point of use.
 */
#define FMT(tab,notab) ((format) & FMT_NOTABLE ? (notab) : (tab))

/* Opaque types; only pointers to them are used in this header. */
struct nft_rule_ctx;
struct xtables_args;
struct nft_handle;
struct xt_xlate;

/*
 * Per-family operation table, obtained via nft_family_ops_lookup().
 * Callbacks that return int follow the file-local convention (0 / non-zero);
 * the exact meaning of each return value is defined by the implementations.
 */
struct nft_family_ops {
	/* Build the nftnl rule `r` from the command state `cs`. */
	int (*add)(struct nft_handle *h, struct nft_rule_ctx *ctx,
		   struct nftnl_rule *r, struct iptables_command_state *cs);
	/* Compare two command states for equality. */
	bool (*is_same)(const struct iptables_command_state *cs_a,
			const struct iptables_command_state *cs_b);
	/* Print a payload expression `e`; `iter` positions the expression list. */
	void (*print_payload)(struct nftnl_expr *e,
			      struct nftnl_expr_iter *iter);
	void (*set_goto_flag)(struct iptables_command_state *cs);

	/* Listing output (iptables -L emulation); `format` is a FMT_* mask. */
	void (*print_table_header)(const char *tablename);
	void (*print_header)(unsigned int format, const char *chain,
			     const char *pol,
			     const struct xt_counters *counters,
			     int refs, uint32_t entries);
	void (*print_rule)(struct nft_handle *h, struct nftnl_rule *r,
			   unsigned int num, unsigned int format);
	/* Save output (iptables-save emulation). */
	void (*save_rule)(const struct iptables_command_state *cs,
			  unsigned int format);
	void (*save_chain)(const struct nftnl_chain *c, const char *policy);
	/* Family-specific parsers for nftnl rules and for command-line options. */
	struct nft_ruleparse_ops *rule_parse;
	struct xt_cmd_parse_ops cmd_parse;
	/* Command-state lifecycle: init, fill from an nftnl rule, release. */
	void (*init_cs)(struct iptables_command_state *cs);
	bool (*rule_to_cs)(struct nft_handle *h, const struct nftnl_rule *r,
			   struct iptables_command_state *cs);
	void (*clear_cs)(struct iptables_command_state *cs);
	/* Translate a command state into `xl` (presumably iptables-translate). */
	int (*xlate)(const struct iptables_command_state *cs,
		     struct xt_xlate *xl);
	/*
	 * Rule-level commands on `chain` in `table`. `rulenum` selects a
	 * position for add (with `append`) and replace; delete/check take none.
	 */
	int (*add_entry)(struct nft_handle *h,
			 const char *chain, const char *table,
			 struct iptables_command_state *cs,
			 struct xtables_args *args, bool verbose,
			 bool append, int rulenum);
	int (*delete_entry)(struct nft_handle *h,
			    const char *chain, const char *table,
			    struct iptables_command_state *cs,
			    struct xtables_args *args, bool verbose);
	int (*check_entry)(struct nft_handle *h,
			   const char *chain, const char *table,
			   struct iptables_command_state *cs,
			   struct xtables_args *args, bool verbose);
	int (*replace_entry)(struct nft_handle *h,
			     const char *chain, const char *table,
			     struct iptables_command_state *cs,
			     struct xtables_args *args, bool verbose,
			     int rulenum);
};

/*
 * Helpers that append expressions to the nftnl rule `r`. Where a
 * `uint8_t *dreg` is taken it is an output register number; `sreg` is the
 * source register read by the expression; `op` is a comparison operator.
 */
void add_meta(struct nft_handle *h, struct nftnl_rule *r, uint32_t key, uint8_t *dreg);
void add_payload(struct nft_handle *h, struct nftnl_rule *r, int offset, int len, uint32_t base, uint8_t *dreg);
void add_bitwise(struct nft_handle *h, struct nftnl_rule *r, uint8_t *mask, size_t len, uint8_t sreg, uint8_t *dreg);
/* NOTE: the parameter named `xor` is an alternative token in C++; fine in C. */
void add_bitwise_u16(struct nft_handle *h, struct nftnl_rule *r, uint16_t mask, uint16_t xor, uint8_t sreg, uint8_t *dreg);
/* Compare `len` bytes at `data` against `sreg`; callers own `data`. */
void add_cmp_ptr(struct nftnl_rule *r, uint32_t op, void *data, size_t len, uint8_t sreg);
void add_cmp_u8(struct nftnl_rule *r, uint8_t val, uint32_t op, uint8_t sreg);
void add_cmp_u16(struct nftnl_rule *r, uint16_t val, uint32_t op, uint8_t sreg);
void add_cmp_u32(struct nftnl_rule *r, uint32_t val, uint32_t op, uint8_t sreg);
/* `iface` is non-const: the implementation may modify the name string. */
void add_iface(struct nft_handle *h, struct nftnl_rule *r,
	       char *iface, uint32_t key, uint32_t op);
/* Match `len` bytes at payload `base`+`offset` against `data`, optionally masked by `mask` (NULL-ness semantics defined by the implementation). */
void add_addr(struct nft_handle *h, struct nftnl_rule *r, enum nft_payload_bases base, int offset,
	      void *data, void *mask, size_t len, uint32_t op);
void add_proto(struct nft_handle *h, struct nftnl_rule *r, int offset, size_t len,
	       uint8_t proto, uint32_t op);
void add_l4proto(struct nft_handle *h, struct nftnl_rule *r, uint8_t proto, uint32_t op);
void add_compat(struct nftnl_rule *r, uint32_t proto, bool inv);

/*
 * Compare interface names and their masks of two rules (a vs. b).
 * The mask arrays are expected to be as long as the corresponding name
 * buffers — TODO confirm the expected length against the callers.
 */
bool is_same_interfaces(const char *a_iniface, const char *a_outiface,
			unsigned const char *a_iniface_mask,
			unsigned const char *a_outiface_mask,
			const char *b_iniface, const char *b_outiface,
			unsigned const char *b_iniface_mask,
			unsigned const char *b_outiface_mask);

/*
 * Copy up to `dlen` bytes of the cmp expression's immediate into `data`.
 * __get_cmp_data() returns the raw operator in `*op`; get_cmp_data()
 * reduces it to an "inverted" flag in `*inv`.
 * NOTE(review): a leading double underscore is reserved for the
 * implementation by the C standard; kept here for ABI compatibility.
 */
void __get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, uint8_t *op);
void get_cmp_data(struct nftnl_expr *e, void *data, size_t dlen, bool *inv);
/* Print / save the match and target sections of a rule; `format` is a FMT_* mask. */
void print_matches_and_target(struct iptables_command_state *cs,
			      unsigned int format);
void nft_ipv46_save_chain(const struct nftnl_chain *c, const char *policy);
void save_matches_and_target(const struct iptables_command_state *cs,
			     bool goto_flag, const void *fw,
			     unsigned int format);

/* Return the operation table for `family` (NFPROTO_* value, presumably). */
struct nft_family_ops *nft_family_ops_lookup(int family);

/* Deep-compare the match lists / targets of two rules. */
bool compare_matches(struct xtables_rule_match *mt1, struct xtables_rule_match *mt2);
bool compare_targets(struct xtables_target *tg1, struct xtables_target *tg2);

struct nftnl_chain_list;

/*
 * Callbacks invoked by xtables_restore_parse() as it reads restore input.
 * Any callback may be NULL-checked by the parser — confirm against the
 * implementation before relying on a callback being optional.
 */
struct nft_xt_restore_cb {
	void (*table_new)(struct nft_handle *h, const char *table);
	/* Set chain policy and counters; NULL-ness of `counters` is implementation-defined here. */
	int (*chain_set)(struct nft_handle *h, const char *table,
			 const char *chain, const char *policy,
			 const struct xt_counters *counters);
	int (*chain_restore)(struct nft_handle *h, const char *chain,
			     const char *table);

	int (*table_flush)(struct nft_handle *h, const char *table,
			   bool verbose);

	/*
	 * Run one rule line already split into argv. Since argv originates
	 * from the restore stream, implementations must treat it as
	 * untrusted text (bounds, option validation). `table` is in/out.
	 */
	int (*do_command)(struct nft_handle *h, int argc, char *argv[],
			  char **table, bool restore);

	/* Transaction end: commit on success, abort to roll back. */
	int (*commit)(struct nft_handle *h);
	int (*abort)(struct nft_handle *h);
};

/* Parameters for xtables_restore_parse(). */
struct nft_xt_restore_parse {
	FILE *in;				/* restore input stream */
	int testing;				/* non-zero: parse without applying (presumably -t/--test) */
	const char *tablename;			/* restrict to this table, or NULL for all — TODO confirm NULL semantics */
	bool commit;				/* whether to call cb->commit at the end */
	const struct nft_xt_restore_cb *cb;	/* callbacks, see above */
};

/* Parse restore-format input from p->in, dispatching through p->cb. */
void xtables_restore_parse(struct nft_handle *h,
			   const struct nft_xt_restore_parse *p);

/* Warn / check for rules owned by the legacy xtables backend (exact behaviour in the implementation). */
void nft_check_xt_legacy(int family, bool is_ipt_save);

/* simplified nftables:include/netlink.h, netlink_padded_len() */
#define NETLINK_ALIGN 4

/* Return the register following `reg` for a value of `size` bytes (register width handling is in the implementation). */
enum nft_registers nft_get_next_reg(enum nft_registers reg, size_t size);

#endif