1 #ifndef IPTABLES_XSHARED_H
2 #define IPTABLES_XSHARED_H 1
3 
4 #include <limits.h>
5 #include <stdbool.h>
6 #include <stdint.h>
7 #include <netinet/in.h>
8 #include <net/if.h>
9 #include <sys/time.h>
10 #include <linux/netfilter_ipv4/ip_tables.h>
11 #include <linux/netfilter_ipv6/ip6_tables.h>
12 
/*
 * Bit flags recording which command-line options were given for the rule
 * being parsed. They are combined with | into a single unsigned mask
 * (presumably the iptables_command_state.options field below - confirm in
 * the parser), so every value is a distinct power of two and OPT_NONE is the
 * empty mask. Written in hex to make the bit positions visible.
 */
enum {
	OPT_NONE        = 0x000,
	OPT_NUMERIC     = 0x001,
	OPT_SOURCE      = 0x002,
	OPT_DESTINATION = 0x004,
	OPT_PROTOCOL    = 0x008,
	OPT_JUMP        = 0x010,
	OPT_VERBOSE     = 0x020,
	OPT_EXPANDED    = 0x040,
	OPT_VIANAMEIN   = 0x080,
	OPT_VIANAMEOUT  = 0x100,
	OPT_LINENUMBERS = 0x200,
	OPT_COUNTERS    = 0x400,
};
27 
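/*
 * Opaque libxtables types that this header only ever refers to through
 * pointers; their full definitions live elsewhere (presumably libxtables'
 * own header). Forward declarations are enough for the prototypes below.
 *
 * struct xtables_match is declared here too: load_proto() and
 * xs_init_match() further down take a pointer to it, and a struct tag that
 * first appears inside a parameter list has prototype scope only (a distinct
 * incomplete type, which compilers warn about) unless the tag is already
 * visible at file scope. Declaring it up front removes that dependency on
 * include order.
 */
struct xtables_globals;
struct xtables_match;
struct xtables_rule_match;
struct xtables_target;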
31 
32 /**
33  * xtables_afinfo - protocol family dependent information
34  * @kmod:		kernel module basename (e.g. "ip_tables")
35  * @proc_exists:	file which exists in procfs when module already loaded
36  * @libprefix:		prefix of .so library name (e.g. "libipt_")
37  * @family:		nfproto family
38  * @ipproto:		used by setsockopt (e.g. IPPROTO_IP)
39  * @so_rev_match:	optname to check revision support of match
40  * @so_rev_target:	optname to check revision support of target
41  */
42 struct xtables_afinfo {
43 	const char *kmod;
44 	const char *proc_exists;
45 	const char *libprefix;
46 	uint8_t family;
47 	uint8_t ipproto;
48 	int so_rev_match;
49 	int so_rev_target;
50 };
51 
/*
 * iptables_command_state - per-invocation state while one rule is parsed
 *
 * Filled in by the command-line parser and consumed when the rule is
 * handed to the kernel; neither side is in this header, so the field notes
 * that go beyond the declared types are inferences to confirm there.
 */
struct iptables_command_state {
	/*
	 * The rule entry under construction. The IPv4 and IPv6 forms share
	 * storage (anonymous union, C11), so only one of them is meaningful
	 * for a given invocation - presumably selected by afinfo->family.
	 */
	union {
		struct ipt_entry fw;	/* IPv4 entry (linux/netfilter_ipv4/ip_tables.h) */
		struct ip6t_entry fw6;	/* IPv6 entry (linux/netfilter_ipv6/ip6_tables.h) */
	};
	int invert;			/* NOTE(review): looks like the pending "!" flag for the option being parsed - confirm */
	int c;				/* NOTE(review): presumably the current option character from getopt - confirm */
	unsigned int options;		/* option mask; presumably built from the OPT_* flags above - confirm */
	struct xtables_rule_match *matches;	/* match extensions attached to the rule (ownership not visible here) */
	struct xtables_target *target;	/* target extension; presumably NULL until -j/-g is parsed - confirm */
	struct xt_counters counters;	/* rule counters (struct xt_counters comes in via the ip_tables.h include) */
	char *protocol;			/* protocol name; non-const, so presumably heap-owned by this struct - confirm who frees it */
	int proto_used;			/* NOTE(review): presumably set once the protocol match has been loaded - confirm */
	const char *jumpto;		/* jump target name; const, so presumably points into argv rather than owned */
	char **argv;			/* command-line words being parsed (lifetime not visible here) */
	bool restore;			/* NOTE(review): likely set when running in restore mode - confirm */
};
69 
/*
 * Entry point of one subcommand: takes the usual (argc, argv) pair and
 * returns the process exit status, mirroring main().
 */
typedef int (*mainfunc_t)(int argc, char **argv);
71 
/*
 * subcommand - name-to-entry-point mapping for a multi-call binary
 *
 * subcmd_main() below takes a pointer to these; presumably an array
 * searched by @name, but the terminator convention (NULL name?) is not
 * visible in this header - confirm in the definition.
 */
struct subcommand {
	const char *name;	/* command name as matched against the invocation */
	mainfunc_t main;	/* function to run for that name */
};
76 
/*
 * Scale factor applied to option offsets (256, written in hex so the byte
 * boundary is obvious). Presumably used to keep the option numbers of
 * different extensions in disjoint ranges - confirm in libxtables.
 */
enum {
	XT_OPTION_OFFSET_SCALE = 0x100,
};
80 
/* Print the help text of the loaded target and of each loaded match. */
extern void print_extension_helps(const struct xtables_target *target,
	const struct xtables_rule_match *matches);

/*
 * Map an IP protocol number to a name. The meaning of the second argument
 * is not visible in this header - confirm against the definition.
 */
extern const char *proto_to_name(uint8_t, int);

/* Handle an option that no extension claimed; return value per the definition. */
extern int command_default(struct iptables_command_state *cs,
	struct xtables_globals *gl);

/* Load the match extension for cs->protocol (NULL when none applies - presumably). */
extern struct xtables_match *load_proto(struct iptables_command_state *cs);

/* Dispatch argv[0] against the subcommand table and run the matching entry. */
extern int subcmd_main(int argc, char **argv, const struct subcommand *cmds);

/* Reset the per-invocation state of a target / match extension. */
extern void xs_init_target(struct xtables_target *target);
extern void xs_init_match(struct xtables_match *match);
90 
91 /**
92  * Values for the iptables lock.
93  *
94  * A value >= 0 indicates the lock filedescriptor. Other values are:
95  *
96  * XT_LOCK_UNSUPPORTED : The system does not support locking, execution will
97  * proceed lockless.
98  *
99  * XT_LOCK_BUSY : The lock was held by another process. xtables_lock only
100  * returns this value when |wait| == false. If |wait| == true, xtables_lock
101  * will not return unless the lock has been acquired.
102  *
103  * XT_LOCK_NOT_ACQUIRED : We have not yet attempted to acquire the lock.
104  */
105 enum {
106 	XT_LOCK_BUSY = -1,
107 	XT_LOCK_UNSUPPORTED  = -2,
108 	XT_LOCK_NOT_ACQUIRED  = -3,
109 };
110 extern int xtables_lock(int wait, struct timeval *tv);
111 extern void xtables_unlock(int lock);
112 
/*
 * Parse the optional "wait time" argument from argv; the accepted syntax
 * and the meaning of the returned int are defined in xshared.c, not here.
 */
extern int parse_wait_time(int argc, char *argv[]);

/*
 * Parse the optional "wait interval" argument from argv into
 * @wait_interval (presumably the value later handed to xtables_lock()).
 */
extern void parse_wait_interval(int argc, char *argv[],
				struct timeval *wait_interval);

/* Report whether the option currently being parsed has an argument - presumably; confirm. */
extern bool xs_has_arg(int argc, char *argv[]);
116 
/*
 * Address-family descriptor for the running command (see struct
 * xtables_afinfo above). Defined elsewhere; presumably set once when the
 * family (ip vs. ip6) is chosen and read-only afterwards - confirm.
 */
extern const struct xtables_afinfo *afinfo;
118 
119 #endif /* IPTABLES_XSHARED_H */
120