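#ifndef _LIBIP6TC_H
#define _LIBIP6TC_H
/* Library which manipulates firewall rules. Version 0.2.
 *
 * Declarations for reading and editing IPv6 netfilter tables through a
 * struct xtc_handle.  ip6tc_init() takes a snapshot of a table and
 * ip6tc_commit() makes the actual changes.  The editing calls in between
 * presumably work on the snapshot only, so a ruleset change should not be
 * treated as in force until ip6tc_commit() has reported success
 * (NOTE(review): confirm against the implementation).
 */

#include <linux/types.h>
#include <libiptc/ipt_kernel_headers.h>
#ifdef __cplusplus
# include <climits>
#else
# include <limits.h> /* INT_MAX in ip6_tables.h */
#endif
#include <linux/netfilter_ipv6/ip6_tables.h>
#include <libiptc/xtcshared.h>

/* The header already caters for C++ includers (see <climits> above); give
   the declarations C linkage so they resolve against the C library. */
#ifdef __cplusplus
extern "C" {
#endif

/* Aliases mapping the ip6tc_* type names onto the shared xtc/xt names
   declared in xtcshared.h. */
#define ip6tc_handle xtc_handle
#define ip6t_chainlabel xt_chainlabel

/* Names of the standard verdicts. */
#define IP6TC_LABEL_ACCEPT "ACCEPT"
#define IP6TC_LABEL_DROP "DROP"
#define IP6TC_LABEL_QUEUE "QUEUE"
#define IP6TC_LABEL_RETURN "RETURN"

/* NOTE(review): xt_chainlabel is declared in xtcshared.h, which is not
   shown here.  Parameters of that type are passed as pointers, so this
   header cannot enforce a length; presumably callers must pass a
   NUL-terminated name that fits the label type.  Validate chain names
   taken from configuration or user input before passing them in. */

/* Does this chain exist? */
int ip6tc_is_chain(const char *chain, struct xtc_handle *const handle);

/* Take a snapshot of the rules.  Returns NULL on error; check for NULL
   before handing the result to any other function in this header. */
struct xtc_handle *ip6tc_init(const char *tablename);

/* Cleanup after ip6tc_init().
   NOTE(review): pointers returned by the query functions below presumably
   refer to data held by the handle; do not use them after this call
   unless the implementation says otherwise. */
void ip6tc_free(struct xtc_handle *h);

/* Iterator functions to run through the chains.  Returns NULL at end. */
const char *ip6tc_first_chain(struct xtc_handle *handle);
const char *ip6tc_next_chain(struct xtc_handle *handle);

/* Get first rule in the given chain: NULL for empty chain. */
const struct ip6t_entry *ip6tc_first_rule(const char *chain,
					  struct xtc_handle *handle);

/* Returns the rule following `prev'; NULL when rules run out. */
const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
					 struct xtc_handle *handle);

/* Returns a pointer to the target name of this position. */
const char *ip6tc_get_target(const struct ip6t_entry *e,
			     struct xtc_handle *handle);

/* Is this a built-in chain? */
int ip6tc_builtin(const char *chain, struct xtc_handle *const handle);

/* Get the policy of a given built-in chain.
   NOTE(review): `counters' is presumably an output for the chain's
   counters; confirm whether NULL is accepted. */
const char *ip6tc_get_policy(const char *chain,
			     struct xt_counters *counters,
			     struct xtc_handle *handle);

/* These functions return non-zero (TRUE) for OK, or 0 and set errno.  If
   errno == 0, it means there was a version error (ie. upgrade libiptc).
   Check every return value: an edit that failed leaves the rule it was
   meant to add, replace or remove as it was. */
/* Rule numbers start at 1 for the first rule. */

/* Insert the entry `e' in chain `chain' into position `rulenum'. */
int ip6tc_insert_entry(const xt_chainlabel chain,
		       const struct ip6t_entry *e,
		       unsigned int rulenum,
		       struct xtc_handle *handle);

/* Atomically replace rule `rulenum' in `chain' with `e'. */
int ip6tc_replace_entry(const xt_chainlabel chain,
			const struct ip6t_entry *e,
			unsigned int rulenum,
			struct xtc_handle *handle);

/* Append entry `e' to chain `chain'.  Equivalent to insert with
   rulenum = length of chain. */
int ip6tc_append_entry(const xt_chainlabel chain,
		       const struct ip6t_entry *e,
		       struct xtc_handle *handle);

/* Check whether a rule matching `origfw' exists in `chain'.
   NOTE(review): the layout of `matchmask' is not described in this
   header; see the implementation before building one by hand. */
int ip6tc_check_entry(const xt_chainlabel chain,
		      const struct ip6t_entry *origfw,
		      unsigned char *matchmask,
		      struct xtc_handle *handle);

/* Delete the first rule in `chain' which matches `origfw'. */
int ip6tc_delete_entry(const xt_chainlabel chain,
		       const struct ip6t_entry *origfw,
		       unsigned char *matchmask,
		       struct xtc_handle *handle);

/* Delete the rule in position `rulenum' in `chain'. */
int ip6tc_delete_num_entry(const xt_chainlabel chain,
			   unsigned int rulenum,
			   struct xtc_handle *handle);

/* Check the packet `e' on chain `chain'.  Returns the verdict, or
   NULL and sets errno. */
const char *ip6tc_check_packet(const xt_chainlabel chain,
			       struct ip6t_entry *e,
			       struct xtc_handle *handle);

/* Flushes the entries in the given chain (ie. empties chain).  The
   chain's policy is set separately with ip6tc_set_policy(), so review it
   before flushing a built-in chain. */
int ip6tc_flush_entries(const xt_chainlabel chain,
			struct xtc_handle *handle);

/* Zeroes the counters in a chain. */
int ip6tc_zero_entries(const xt_chainlabel chain,
		       struct xtc_handle *handle);

/* Creates a new chain. */
int ip6tc_create_chain(const xt_chainlabel chain,
		       struct xtc_handle *handle);

/* Deletes a chain. */
int ip6tc_delete_chain(const xt_chainlabel chain,
		       struct xtc_handle *handle);

/* Renames a chain. */
int ip6tc_rename_chain(const xt_chainlabel oldname,
		       const xt_chainlabel newname,
		       struct xtc_handle *handle);

/* Sets the policy on a built-in chain. */
int ip6tc_set_policy(const xt_chainlabel chain,
		     const xt_chainlabel policy,
		     struct xt_counters *counters,
		     struct xtc_handle *handle);

/* Get the number of references to this chain; the count is written to
   `*ref'. */
int ip6tc_get_references(unsigned int *ref, const xt_chainlabel chain,
			 struct xtc_handle *handle);

/* read packet and byte counters for a specific rule */
struct xt_counters *ip6tc_read_counter(const xt_chainlabel chain,
				       unsigned int rulenum,
				       struct xtc_handle *handle);

/* zero packet and byte counters for a specific rule */
int ip6tc_zero_counter(const xt_chainlabel chain,
		       unsigned int rulenum,
		       struct xtc_handle *handle);

/* set packet and byte counters for a specific rule */
int ip6tc_set_counter(const xt_chainlabel chain,
		      unsigned int rulenum,
		      struct xt_counters *counters,
		      struct xtc_handle *handle);

/* Makes the actual changes.  Check the result: if this fails, the edits
   made through `handle' were presumably never applied. */
int ip6tc_commit(struct xtc_handle *handle);

/* Get raw socket.
   NOTE(review): ownership of the returned descriptor is not documented
   here; confirm whether the caller may close it. */
int ip6tc_get_raw_socket(void);

/* Translates errno numbers into more human-readable form than strerror. */
const char *ip6tc_strerror(int err);

extern void dump_entries6(struct xtc_handle *const);

extern const struct xtc_ops ip6tc_ops;

#ifdef __cplusplus
}
#endif

#endif /* _LIBIP6TC_H */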