From 369afc14de1d89ff5627ff4c5f72f6f839244b50 Mon Sep 17 00:00:00 2001 From: Bart De Schuymer Date: Mon, 9 Jun 2003 20:47:32 +0000 Subject: *** empty log message *** --- include/arptables.h | 152 ++++++++++++++++++++++++++++++++ include/arptables_common.h | 23 +++++ include/libarptc/arpt_kernel_headers.h | 29 ++++++ include/libarptc/libarptc.h | 156 +++++++++++++++++++++++++++++++++ 4 files changed, 360 insertions(+) create mode 100644 include/arptables.h create mode 100644 include/arptables_common.h create mode 100644 include/libarptc/arpt_kernel_headers.h create mode 100644 include/libarptc/libarptc.h (limited to 'include') diff --git a/include/arptables.h b/include/arptables.h new file mode 100644 index 0000000..53d1c8c --- /dev/null +++ b/include/arptables.h @@ -0,0 +1,152 @@ +#ifndef _ARPTABLES_USER_H +#define _ARPTABLES_USER_H + +#include "arptables_common.h" +#include "libarptc/libarptc.h" + + +/*******************************/ +/* REMOVE LATER, PUT IN KERNEL */ +/*******************************/ +struct arpt_entry_match +{ + int iets; +}; + +/*******************************/ +/* END OF KERNEL REPLACEMENTS */ +/*******************************/ + +/* Include file for additions: new matches and targets. */ +struct arptables_match +{ + struct arptables_match *next; + + arpt_chainlabel name; + + const char *version; + + /* Size of match data. */ + size_t size; + + /* Size of match data relevent for userspace comparison purposes */ + size_t userspacesize; + + /* Function which prints out usage message. */ + void (*help)(void); + + /* Initialize the match. */ + void (*init)(struct arpt_entry_match *m, unsigned int *nfcache); + + /* Function which parses command options; returns true if it + ate an option */ + int (*parse)(int c, char **argv, int invert, unsigned int *flags, + const struct arpt_entry *entry, + unsigned int *nfcache, + struct arpt_entry_match **match); + + /* Final check; exit if not ok. */ + void (*final_check)(unsigned int flags); + + /* Prints out the match iff non-NULL: put space at end */ + void (*print)(const struct arpt_arp *ip, + const struct arpt_entry_match *match, int numeric); + + /* Saves the match info in parsable form to stdout. */ + void (*save)(const struct arpt_arp *ip, + const struct arpt_entry_match *match); + + /* Pointer to list of extra command-line options */ + const struct option *extra_opts; + + /* Ignore these men behind the curtain: */ + unsigned int option_offset; + struct arpt_entry_match *m; + unsigned int mflags; + unsigned int used; + unsigned int loaded; /* simulate loading so options are merged properly */ +}; + +struct arptables_target +{ + struct arptables_target *next; + + arpt_chainlabel name; + + const char *version; + + /* Size of target data. */ + size_t size; + + /* Size of target data relevent for userspace comparison purposes */ + size_t userspacesize; + + /* Function which prints out usage message. */ + void (*help)(void); + + /* Initialize the target. */ + void (*init)(struct arpt_entry_target *t); + + /* Function which parses command options; returns true if it + ate an option */ + int (*parse)(int c, char **argv, int invert, unsigned int *flags, + const struct arpt_entry *entry, + struct arpt_entry_target **target); + + /* Final check; exit if not ok. */ + void (*final_check)(unsigned int flags); + + /* Prints out the target iff non-NULL: put space at end */ + void (*print)(const struct arpt_arp *ip, + const struct arpt_entry_target *target, int numeric); + + /* Saves the targinfo in parsable form to stdout. */ + void (*save)(const struct arpt_arp *ip, + const struct arpt_entry_target *target); + + /* Pointer to list of extra command-line options */ + struct option *extra_opts; + + /* Ignore these men behind the curtain: */ + unsigned int option_offset; + struct arpt_entry_target *t; + unsigned int tflags; + unsigned int used; + unsigned int loaded; /* simulate loading so options are merged properly */ +}; + +/* Your shared library should call one of these. */ +extern void register_match(struct arptables_match *me); +extern void register_target(struct arptables_target *me); + +extern struct in_addr *dotted_to_addr(const char *dotted); +extern char *addr_to_dotted(const struct in_addr *addrp); +extern char *addr_to_anyname(const struct in_addr *addr); +extern char *mask_to_dotted(const struct in_addr *mask); + +extern void parse_hostnetworkmask(const char *name, struct in_addr **addrpp, + struct in_addr *maskp, unsigned int *naddrs); +extern u_int16_t parse_protocol(const char *s); + +extern int do_command(int argc, char *argv[], char **table, + arptc_handle_t *handle); +/* Keeping track of external matches and targets: linked lists. */ +extern struct arptables_match *arptables_matches; +extern struct arptables_target *arptables_targets; + +enum arpt_tryload { + DONT_LOAD, + TRY_LOAD, + LOAD_MUST_SUCCEED +}; + +extern struct arptables_target *find_target(const char *name, enum arpt_tryload); +extern struct arptables_match *find_match(const char *name, enum arpt_tryload); + +extern int delete_chain(const arpt_chainlabel chain, int verbose, + arptc_handle_t *handle); +extern int flush_entries(const arpt_chainlabel chain, int verbose, + arptc_handle_t *handle); +extern int for_each_chain(int (*fn)(const arpt_chainlabel, int, arptc_handle_t *), + int verbose, int builtinstoo, arptc_handle_t *handle); +#endif /*_ARPTABLES_USER_H*/ diff --git a/include/arptables_common.h b/include/arptables_common.h new file mode 100644 index 0000000..8150ee0 --- /dev/null +++ b/include/arptables_common.h @@ -0,0 +1,23 @@ +#ifndef _ARPTABLES_COMMON_H +#define _ARPTABLES_COMMON_H + +enum exittype { + OTHER_PROBLEM = 1, + PARAMETER_PROBLEM, + VERSION_PROBLEM +}; +extern void exit_printhelp() __attribute__((noreturn)); +extern void exit_tryhelp(int) __attribute__((noreturn)); +int check_inverse(const char option[], int *invert, int *optind, int argc); +extern int string_to_number(const char *, + unsigned int, + unsigned int, + unsigned int *); +extern int iptables_insmod(const char *modname, const char *modprobe); +void exit_error(enum exittype, char *, ...)__attribute__((noreturn, + format(printf,2,3))); +extern const char *program_name, *program_version; + + extern void init_extensions(void); + +#endif /*_IPTABLES_COMMON_H*/ diff --git a/include/libarptc/arpt_kernel_headers.h b/include/libarptc/arpt_kernel_headers.h new file mode 100644 index 0000000..442cc54 --- /dev/null +++ b/include/libarptc/arpt_kernel_headers.h @@ -0,0 +1,29 @@ +/* This is the userspace/kernel interface for Generic IP Chains, + required for libc6. */ +#ifndef _FWCHAINS_KERNEL_HEADERS_H +#define _FWCHAINS_KERNEL_HEADERS_H + +#include + +#if defined(__GLIBC__) && __GLIBC__ == 2 +#include +#include +#include +#include +#include +#include +#include +#include +#else +#include +#include +#include +#include +#include +#include +#include +#include +#include +#endif + +#endif diff --git a/include/libarptc/libarptc.h b/include/libarptc/libarptc.h new file mode 100644 index 0000000..b7d3d36 --- /dev/null +++ b/include/libarptc/libarptc.h @@ -0,0 +1,156 @@ +#ifndef _LIBARPTC_H +#define _LIBARPTC_H +/* Library which manipulates filtering rules. */ + +#include +#include + +#ifndef ARPT_MIN_ALIGN +/* arpt_entry has pointers and u_int64_t's in it, so if you align to + it, you'll also align to any crazy matches and targets someone + might write */ +#define ARPT_MIN_ALIGN (__alignof__(struct arpt_entry)) +#endif + +#define ARPT_ALIGN(s) (((s) + ((ARPT_MIN_ALIGN)-1)) & ~((ARPT_MIN_ALIGN)-1)) + +typedef char arpt_chainlabel[32]; + +#define ARPTC_LABEL_ACCEPT "ACCEPT" +#define ARPTC_LABEL_DROP "DROP" +#define ARPTC_LABEL_QUEUE "QUEUE" +#define ARPTC_LABEL_RETURN "RETURN" + +/* Transparent handle type. */ +typedef struct arptc_handle *arptc_handle_t; + +/* Does this chain exist? */ +int arptc_is_chain(const char *chain, const arptc_handle_t handle); + +/* Take a snapshot of the rules. Returns NULL on error. */ +arptc_handle_t arptc_init(const char *tablename); + +/* Iterator functions to run through the chains. Returns NULL at end. */ +const char *arptc_first_chain(arptc_handle_t *handle); +const char *arptc_next_chain(arptc_handle_t *handle); + +/* Get first rule in the given chain: NULL for empty chain. */ +const struct arpt_entry *arptc_first_rule(const char *chain, + arptc_handle_t *handle); + +/* Returns NULL when rules run out. */ +const struct arpt_entry *arptc_next_rule(const struct arpt_entry *prev, + arptc_handle_t *handle); + +/* Returns a pointer to the target name of this entry. */ +const char *arptc_get_target(const struct arpt_entry *e, + arptc_handle_t *handle); + +/* Is this a built-in chain? */ +int arptc_builtin(const char *chain, const arptc_handle_t handle); + +/* Get the policy of a given built-in chain */ +const char *arptc_get_policy(const char *chain, + struct arpt_counters *counter, + arptc_handle_t *handle); + +/* These functions return TRUE for OK or 0 and set errno. If errno == + 0, it means there was a version error (ie. upgrade libarptc). */ +/* Rule numbers start at 1 for the first rule. */ + +/* Insert the entry `e' in chain `chain' into position `rulenum'. */ +int arptc_insert_entry(const arpt_chainlabel chain, + const struct arpt_entry *e, + unsigned int rulenum, + arptc_handle_t *handle); + +/* Atomically replace rule `rulenum' in `chain' with `e'. */ +int arptc_replace_entry(const arpt_chainlabel chain, + const struct arpt_entry *e, + unsigned int rulenum, + arptc_handle_t *handle); + +/* Append entry `e' to chain `chain'. Equivalent to insert with + rulenum = length of chain. */ +int arptc_append_entry(const arpt_chainlabel chain, + const struct arpt_entry *e, + arptc_handle_t *handle); + +/* Delete the first rule in `chain' which matches `e', subject to + matchmask (array of length == origfw) */ +int arptc_delete_entry(const arpt_chainlabel chain, + const struct arpt_entry *origfw, + unsigned char *matchmask, + arptc_handle_t *handle); + +/* Delete the rule in position `rulenum' in `chain'. */ +int arptc_delete_num_entry(const arpt_chainlabel chain, + unsigned int rulenum, + arptc_handle_t *handle); + +/* Check the packet `e' on chain `chain'. Returns the verdict, or + NULL and sets errno. */ +const char *arptc_check_packet(const arpt_chainlabel chain, + struct arpt_entry *entry, + arptc_handle_t *handle); + +/* Flushes the entries in the given chain (ie. empties chain). */ +int arptc_flush_entries(const arpt_chainlabel chain, + arptc_handle_t *handle); + +/* Zeroes the counters in a chain. */ +int arptc_zero_entries(const arpt_chainlabel chain, + arptc_handle_t *handle); + +/* Creates a new chain. */ +int arptc_create_chain(const arpt_chainlabel chain, + arptc_handle_t *handle); + +/* Deletes a chain. */ +int arptc_delete_chain(const arpt_chainlabel chain, + arptc_handle_t *handle); + +/* Renames a chain. */ +int arptc_rename_chain(const arpt_chainlabel oldname, + const arpt_chainlabel newname, + arptc_handle_t *handle); + +/* Sets the policy on a built-in chain. */ +int arptc_set_policy(const arpt_chainlabel chain, + const arpt_chainlabel policy, + struct arpt_counters *counters, + arptc_handle_t *handle); + +/* Get the number of references to this chain */ +int arptc_get_references(unsigned int *ref, + const arpt_chainlabel chain, + arptc_handle_t *handle); + +/* read packet and byte counters for a specific rule */ +struct arpt_counters *arptc_read_counter(const arpt_chainlabel chain, + unsigned int rulenum, + arptc_handle_t *handle); + +/* zero packet and byte counters for a specific rule */ +int arptc_zero_counter(const arpt_chainlabel chain, + unsigned int rulenum, + arptc_handle_t *handle); + +/* set packet and byte counters for a specific rule */ +int arptc_set_counter(const arpt_chainlabel chain, + unsigned int rulenum, + struct arpt_counters *counters, + arptc_handle_t *handle); + +/* Makes the actual changes. */ +int arptc_commit(arptc_handle_t *handle); + +/* Get raw socket. */ +int arptc_get_raw_socket(); + +/* Translates errno numbers into more human-readable form than strerror. */ +const char *arptc_strerror(int err); + + + +#endif /* _LIBARPTC_H */ -- cgit v1.2.3