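#ifndef _LIBIPTC_H
#define _LIBIPTC_H
/* Library which manipulates filtering rules.
 *
 * Usage model, as far as this header states it: iptc_init() takes a
 * snapshot of a table, the calls below work through the returned handle,
 * and iptc_commit() "makes the actual changes".  Edits made through a
 * handle therefore presumably do not reach the running ruleset until
 * iptc_commit() succeeds -- confirm against the implementation.
 *
 * NOTE(review): nothing declared here serializes concurrent writers.  A
 * snapshot may be stale by the time it is committed if another process
 * changed the table in between; callers that share a table presumably
 * need their own locking -- confirm.
 */

#include <linux/types.h>
#include <libiptc/ipt_kernel_headers.h>
#ifdef __cplusplus
# include <climits>
#else
# include <limits.h> /* INT_MAX in ip_tables.h */
#endif
#include <linux/netfilter_ipv4/ip_tables.h>
#include <libiptc/xtcshared.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Compatibility aliases: the historical iptc_* names map onto the shared
   xtc_* / xt_* types pulled in from <libiptc/xtcshared.h>. */
#define iptc_handle xtc_handle
#define ipt_chainlabel xt_chainlabel

/* Names of the standard verdicts, as strings. */
#define IPTC_LABEL_ACCEPT	"ACCEPT"
#define IPTC_LABEL_DROP		"DROP"
#define IPTC_LABEL_QUEUE	"QUEUE"
#define IPTC_LABEL_RETURN	"RETURN"

/* Does this chain exist? */
int iptc_is_chain(const char *chain, struct xtc_handle *const handle);

/* Take a snapshot of the rules.  Returns NULL on error; check the result
   before passing the handle to any other function in this header. */
struct xtc_handle *iptc_init(const char *tablename);

/* Cleanup after iptc_init().  The handle must not be used afterwards. */
void iptc_free(struct xtc_handle *h);

/* Iterator functions to run through the chains.  Returns NULL at end. */
const char *iptc_first_chain(struct xtc_handle *handle);
const char *iptc_next_chain(struct xtc_handle *handle);

/* Get first rule in the given chain: NULL for empty chain. */
const struct ipt_entry *iptc_first_rule(const char *chain,
					struct xtc_handle *handle);

/* Returns NULL when rules run out. */
const struct ipt_entry *iptc_next_rule(const struct ipt_entry *prev,
				       struct xtc_handle *handle);

/* Returns a pointer to the target name of this entry.
   NOTE(review): lifetime of the returned string is not stated here;
   presumably it is tied to the handle -- treat it as borrowed. */
const char *iptc_get_target(const struct ipt_entry *e,
			    struct xtc_handle *handle);

/* Is this a built-in chain? */
int iptc_builtin(const char *chain, struct xtc_handle *const handle);

/* Get the policy of a given built-in chain.
   `counter' presumably receives the chain's counters -- confirm. */
const char *iptc_get_policy(const char *chain,
			    struct xt_counters *counter,
			    struct xtc_handle *handle);

/* The functions below return nonzero (TRUE) for OK, or 0 on failure with
   errno set.  If errno == 0 on failure, it means there was a version
   error (ie. upgrade libiptc).

   Every return value should be checked: a call that returned 0 means the
   intended rule change is not in place, so a caller enforcing a policy
   should treat that as a failure of the whole update rather than
   continue as if the rule existed. */

/* Rule numbers start at 1 for the first rule.
   NOTE(review): the comment on iptc_append_entry() ("rulenum = length of
   chain") reads as 0-based, which does not agree with this statement.
   Rule order decides which rule matches first, so confirm the indexing
   against the implementation before relying on either comment. */

/* `xt_chainlabel' comes from <libiptc/xtcshared.h> and is not visible in
   this header; presumably a fixed-size character array.  Chain names
   taken from untrusted input should be length-checked against that type
   before being passed in -- confirm the size there. */

/* Insert the entry `e' in chain `chain' into position `rulenum'. */
int iptc_insert_entry(const xt_chainlabel chain,
		      const struct ipt_entry *e,
		      unsigned int rulenum,
		      struct xtc_handle *handle);

/* Atomically replace rule `rulenum' in `chain' with `e'. */
int iptc_replace_entry(const xt_chainlabel chain,
		       const struct ipt_entry *e,
		       unsigned int rulenum,
		       struct xtc_handle *handle);

/* Append entry `e' to chain `chain'.  Equivalent to insert with
   rulenum = length of chain. */
int iptc_append_entry(const xt_chainlabel chain,
		      const struct ipt_entry *e,
		      struct xtc_handle *handle);

/* Check whether a matching rule exists.
   `matchmask' has the same contract as for iptc_delete_entry(). */
int iptc_check_entry(const xt_chainlabel chain,
		     const struct ipt_entry *origfw,
		     unsigned char *matchmask,
		     struct xtc_handle *handle);

/* Delete the first rule in `chain' which matches `origfw', subject to
   matchmask (array of length == origfw).
   NOTE(review): "length == origfw" presumably means the mask must be as
   long as the whole entry `origfw' describes; a shorter buffer would
   then be read past its end -- confirm the exact size expected. */
int iptc_delete_entry(const xt_chainlabel chain,
		      const struct ipt_entry *origfw,
		      unsigned char *matchmask,
		      struct xtc_handle *handle);

/* Delete the rule in position `rulenum' in `chain'. */
int iptc_delete_num_entry(const xt_chainlabel chain,
			  unsigned int rulenum,
			  struct xtc_handle *handle);

/* Check the packet `entry' on chain `chain'.  Returns the verdict, or
   NULL and sets errno. */
const char *iptc_check_packet(const xt_chainlabel chain,
			      struct ipt_entry *entry,
			      struct xtc_handle *handle);

/* Flushes the entries in the given chain (ie. empties chain). */
int iptc_flush_entries(const xt_chainlabel chain,
		       struct xtc_handle *handle);

/* Zeroes the counters in a chain. */
int iptc_zero_entries(const xt_chainlabel chain,
		      struct xtc_handle *handle);

/* Creates a new chain. */
int iptc_create_chain(const xt_chainlabel chain,
		      struct xtc_handle *handle);

/* Deletes a chain. */
int iptc_delete_chain(const xt_chainlabel chain,
		      struct xtc_handle *handle);

/* Renames a chain. */
int iptc_rename_chain(const xt_chainlabel oldname,
		      const xt_chainlabel newname,
		      struct xtc_handle *handle);

/* Sets the policy on a built-in chain. */
int iptc_set_policy(const xt_chainlabel chain,
		    const xt_chainlabel policy,
		    struct xt_counters *counters,
		    struct xtc_handle *handle);

/* Get the number of references to this chain.
   The count is presumably written through `ref' -- confirm. */
int iptc_get_references(unsigned int *ref,
			const xt_chainlabel chain,
			struct xtc_handle *handle);

/* Read packet and byte counters for a specific rule.
   NOTE(review): ownership of the returned pointer is not stated here;
   presumably it points into the handle's snapshot -- treat it as
   borrowed until confirmed. */
struct xt_counters *iptc_read_counter(const xt_chainlabel chain,
				      unsigned int rulenum,
				      struct xtc_handle *handle);

/* Zero packet and byte counters for a specific rule. */
int iptc_zero_counter(const xt_chainlabel chain,
		      unsigned int rulenum,
		      struct xtc_handle *handle);

/* Set packet and byte counters for a specific rule. */
int iptc_set_counter(const xt_chainlabel chain,
		     unsigned int rulenum,
		     struct xt_counters *counters,
		     struct xtc_handle *handle);

/* Makes the actual changes.  Follows the TRUE/0 convention above; a 0
   return means the changes made through `handle' were not applied. */
int iptc_commit(struct xtc_handle *handle);

/* Get raw socket.
   NOTE(review): who owns and closes the returned descriptor is not
   stated here -- confirm before closing or passing it on. */
int iptc_get_raw_socket(void);

/* Translates errno numbers into more human-readable form than strerror. */
const char *iptc_strerror(int err);

/* Presumably a debugging aid that prints the entries held by a handle;
   its output format is not specified in this header. */
extern void dump_entries(struct xtc_handle *const);

/* Operations table for this (IPv4) backend; `struct xtc_ops' is declared
   in <libiptc/xtcshared.h>. */
extern const struct xtc_ops iptc_ops;

#ifdef __cplusplus
}
#endif


#endif /* _LIBIPTC_H */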