2 * This file was imported from the iptables sources.
3 * Copyright (C) 1999-2008 Netfilter Core Team
5 * This program is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License as published by the
7 * Free Software Foundation; only version 2 of the License is applicable.
9 * This program is distributed in the hope that it will be useful, but
10 * WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
21 /* Library which manipulates firewall rules. Version 0.2. */
23 #include <linux/types.h>
24 #include "ipt_kernel_headers.h"
25 #include <linux/netfilter_ipv6/ip6_tables.h>
27 #ifndef IP6T_MIN_ALIGN
28 #define IP6T_MIN_ALIGN (__alignof__(struct ip6t_entry))
30 #define IP6T_ALIGN(s) (((s) + (IP6T_MIN_ALIGN-1)) & ~(IP6T_MIN_ALIGN-1))
32 typedef char ip6t_chainlabel[32];
34 #define IP6TC_LABEL_ACCEPT "ACCEPT"
35 #define IP6TC_LABEL_DROP "DROP"
36 #define IP6TC_LABEL_QUEUE "QUEUE"
37 #define IP6TC_LABEL_RETURN "RETURN"
39 /* Transparent handle type. */
40 typedef struct ip6tc_handle *ip6tc_handle_t;
42 /* Does this chain exist? */
43 int ip6tc_is_chain(const char *chain, const ip6tc_handle_t handle);
45 /* Take a snapshot of the rules. Returns NULL on error. */
46 ip6tc_handle_t ip6tc_init(const char *tablename);
48 /* Cleanup after ip6tc_init(). */
49 void ip6tc_free(ip6tc_handle_t *h);
51 /* Iterator functions to run through the chains. Returns NULL at end. */
52 const char *ip6tc_first_chain(ip6tc_handle_t *handle);
53 const char *ip6tc_next_chain(ip6tc_handle_t *handle);
55 /* Get first rule in the given chain: NULL for empty chain. */
56 const struct ip6t_entry *ip6tc_first_rule(const char *chain,
57 ip6tc_handle_t *handle);
59 /* Returns NULL when rules run out. */
60 const struct ip6t_entry *ip6tc_next_rule(const struct ip6t_entry *prev,
61 ip6tc_handle_t *handle);
63 /* Returns a pointer to the target name of this position. */
64 const char *ip6tc_get_target(const struct ip6t_entry *e,
65 ip6tc_handle_t *handle);
67 /* Is this a built-in chain? */
68 int ip6tc_builtin(const char *chain, const ip6tc_handle_t handle);
70 /* Get the policy of a given built-in chain */
71 const char *ip6tc_get_policy(const char *chain,
72 struct ip6t_counters *counters,
73 ip6tc_handle_t *handle);
75 /* These functions return TRUE for OK or 0 and set errno. If errno ==
76 0, it means there was a version error (ie. upgrade libiptc). */
77 /* Rule numbers start at 1 for the first rule. */
79 /* Insert the entry `fw' in chain `chain' into position `rulenum'. */
80 int ip6tc_insert_entry(const ip6t_chainlabel chain,
81 const struct ip6t_entry *e,
83 ip6tc_handle_t *handle);
85 /* Atomically replace rule `rulenum' in `chain' with `fw'. */
86 int ip6tc_replace_entry(const ip6t_chainlabel chain,
87 const struct ip6t_entry *e,
89 ip6tc_handle_t *handle);
91 /* Append entry `fw' to chain `chain'. Equivalent to insert with
92 rulenum = length of chain. */
93 int ip6tc_append_entry(const ip6t_chainlabel chain,
94 const struct ip6t_entry *e,
95 ip6tc_handle_t *handle);
97 /* Delete the first rule in `chain' which matches `fw'. */
98 int ip6tc_delete_entry(const ip6t_chainlabel chain,
99 const struct ip6t_entry *origfw,
100 unsigned char *matchmask,
101 ip6tc_handle_t *handle);
103 /* Delete the rule in position `rulenum' in `chain'. */
104 int ip6tc_delete_num_entry(const ip6t_chainlabel chain,
105 unsigned int rulenum,
106 ip6tc_handle_t *handle);
108 /* Check the packet `fw' on chain `chain'. Returns the verdict, or
109 NULL and sets errno. */
110 const char *ip6tc_check_packet(const ip6t_chainlabel chain,
112 ip6tc_handle_t *handle);
114 /* Flushes the entries in the given chain (ie. empties chain). */
115 int ip6tc_flush_entries(const ip6t_chainlabel chain,
116 ip6tc_handle_t *handle);
118 /* Zeroes the counters in a chain. */
119 int ip6tc_zero_entries(const ip6t_chainlabel chain,
120 ip6tc_handle_t *handle);
122 /* Creates a new chain. */
123 int ip6tc_create_chain(const ip6t_chainlabel chain,
124 ip6tc_handle_t *handle);
126 /* Deletes a chain. */
127 int ip6tc_delete_chain(const ip6t_chainlabel chain,
128 ip6tc_handle_t *handle);
130 /* Renames a chain. */
131 int ip6tc_rename_chain(const ip6t_chainlabel oldname,
132 const ip6t_chainlabel newname,
133 ip6tc_handle_t *handle);
135 /* Sets the policy on a built-in chain. */
136 int ip6tc_set_policy(const ip6t_chainlabel chain,
137 const ip6t_chainlabel policy,
138 struct ip6t_counters *counters,
139 ip6tc_handle_t *handle);
141 /* Get the number of references to this chain */
142 int ip6tc_get_references(unsigned int *ref, const ip6t_chainlabel chain,
143 ip6tc_handle_t *handle);
145 /* read packet and byte counters for a specific rule */
146 struct ip6t_counters *ip6tc_read_counter(const ip6t_chainlabel chain,
147 unsigned int rulenum,
148 ip6tc_handle_t *handle);
150 /* zero packet and byte counters for a specific rule */
151 int ip6tc_zero_counter(const ip6t_chainlabel chain,
152 unsigned int rulenum,
153 ip6tc_handle_t *handle);
155 /* set packet and byte counters for a specific rule */
156 int ip6tc_set_counter(const ip6t_chainlabel chain,
157 unsigned int rulenum,
158 struct ip6t_counters *counters,
159 ip6tc_handle_t *handle);
161 /* Makes the actual changes. */
162 int ip6tc_commit(ip6tc_handle_t *handle);
164 /* Get raw socket. */
165 int ip6tc_get_raw_socket(void);
167 /* Translates errno numbers into more human-readable form than strerror. */
168 const char *ip6tc_strerror(int err);
170 /* Return prefix length, or -1 if not contiguous */
171 int ipv6_prefix_length(const struct in6_addr *a);
173 extern void dump_entries6(const ip6tc_handle_t);
175 #endif /* _LIBIP6TC_H */
projects / collectd.git / blob