author | Yasuyuki KOZAKAI <yasuyuki@netfilter.org> | 2007-07-24 05:52:07 +0000 |
---|---|---|
committer | Yasuyuki KOZAKAI <yasuyuki@netfilter.org> | 2007-07-24 05:52:07 +0000 |
commit | 0d502bcdbc97ed359e84f6a21dfa0049b3b60a6c (patch) | |
tree | 537187d08bae1bac51328c5d27f3c24f72b6cc06 /include/iptables.h | |
parent | 0b82e8e81e887843011c8771f70d2302901f7e5e (diff) |
Introduces xtables match/target registration
- moves lib_dir to xtables.c
- introduces struct pfinfo which has protocol family dependent infomations.
- unifies load_ip[6]tables_ko() and moves them as load_xtables_ko()
- introduces xt_{match,match_rule,target,tryload} and replaces
ip[6]t_* with them
- unifies following functions and move them to xtables.c
- find_{match,find_target}
- compatible_revision, compatible_{match,target}_revision
- introduces xtables_register_{match,target} and make
register_{match,target}[6] call them. xtables_register_* register ONLY
matches/targets matched protocol family
Some concepts:
- source compatibility for libip[6]t_xxx.c with warning on compilation
not binary compatibility.
- binary compatibility between 2.4/2.6 kernel and iptables/ip6tables,
of course.
- xtables is enough to support only one address family at runtime.
Then xtables keeps information of only the focused address family
in struct afinfo.
Diffstat (limited to 'include/iptables.h')
-rw-r--r-- | include/iptables.h | 143 |
1 files changed, 5 insertions, 138 deletions
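--- a/include/iptables.h
+++ b/include/iptables.h
@@ -1,6 +1,7 @@
 #ifndef _IPTABLES_USER_H
 #define _IPTABLES_USER_H
+#include "xtables.h"
 #include "iptables_common.h"
 #include "libiptc/libiptc.h"
@@ -21,132 +22,12 @@
 #ifndef IPT_SO_GET_REVISION_MATCH /* Old kernel source. */
 #define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2)
 #define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3)
-
-struct ipt_get_revision
-{
- char name[IPT_FUNCTION_MAXNAMELEN-1];
-
- u_int8_t revision;
-};
 #endif /* IPT_SO_GET_REVISION_MATCH Old kernel source */
-struct iptables_rule_match
-{
- struct iptables_rule_match *next;
-
- struct iptables_match *match;
-
- /* Multiple matches of the same type: the ones before
- the current one are completed from parsing point of view */
- unsigned int completed;
-};
-
-/* Include file for additions: new matches and targets. */
-struct iptables_match
-{
- struct iptables_match *next;
-
- ipt_chainlabel name;
-
- /* Revision of match (0 by default). */
- u_int8_t revision;
-
- const char *version;
-
- /* Size of match data. */
- size_t size;
-
- /* Size of match data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the match. */
- void (*init)(struct ipt_entry_match *m, unsigned int *nfcache);
-
- /* Function which parses command options; returns true if it
- ate an option */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- unsigned int *nfcache,
- struct ipt_entry_match **match);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the match iff non-NULL: put space at end */
- void (*print)(const struct ipt_ip *ip,
- const struct ipt_entry_match *match, int numeric);
-
- /* Saves the match info in parsable form to stdout. */
- void (*save)(const struct ipt_ip *ip,
- const struct ipt_entry_match *match);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct ipt_entry_match *m;
- unsigned int mflags;
-#ifdef NO_SHARED_LIBS
- unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
-
-struct iptables_target
-{
- struct iptables_target *next;
-
- ipt_chainlabel name;
-
- /* Revision of target (0 by default). */
- u_int8_t revision;
-
- const char *version;
-
- /* Size of target data. */
- size_t size;
-
- /* Size of target data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the target. */
- void (*init)(struct ipt_entry_target *t, unsigned int *nfcache);
-
- /* Function which parses command options; returns true if it
- ate an option */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const struct ipt_entry *entry,
- struct ipt_entry_target **target);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the target iff non-NULL: put space at end */
- void (*print)(const struct ipt_ip *ip,
- const struct ipt_entry_target *target, int numeric);
-
- /* Saves the targinfo in parsable form to stdout. */
- void (*save)(const struct ipt_ip *ip,
- const struct ipt_entry_target *target);
-
- /* Pointer to list of extra command-line options */
- struct option *extra_opts;
-
- /* Ignore these men behind the curtain: */
- unsigned int option_offset;
- struct ipt_entry_target *t;
- unsigned int tflags;
- unsigned int used;
-#ifdef NO_SHARED_LIBS
- unsigned int loaded; /* simulate loading so options are merged properly */
-#endif
-};
+#define iptables_rule_match xtables_rule_match
+#define iptables_match xtables_match
+#define iptables_target xtables_target
+#define ipt_tryload xt_tryload
 extern int line;
@@ -169,20 +50,6 @@ extern void parse_interface(const char *arg, char *vianame, unsigned char *mask)
 extern int do_command(int argc, char *argv[], char **table,
 iptc_handle_t *handle);
-/* Keeping track of external matches and targets: linked lists. */
-extern struct iptables_match *iptables_matches;
-extern struct iptables_target *iptables_targets;
-
-enum ipt_tryload {
- DONT_LOAD,
- DURING_LOAD,
- TRY_LOAD,
- LOAD_MUST_SUCCEED
-};
-
-extern struct iptables_target *find_target(const char *name, enum ipt_tryload);
-extern struct iptables_match *find_match(const char *name, enum ipt_tryload, struct iptables_rule_match **match);
-
 extern int delete_chain(const ipt_chainlabel chain, int verbose,
 iptc_handle_t *handle);
 extern int flush_entries(const ipt_chainlabel chain, int verbose,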
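Review bot: The four `#define` aliases added where `struct iptables_target` was removed carry no comment, so a reader of the header cannot tell that `iptables_match`, `iptables_target`, `iptables_rule_match` and `ipt_tryload` are now token-level renames of the xtables types rather than declarations. Because they are macros, every token with one of those spellings in any translation unit that includes this header is rewritten, not only struct tags and the enum name; that is presumably intended for source compatibility of existing extensions, but it is worth stating so nobody reuses those names for something else. I would put `/* Compatibility aliases: the old iptables_* type names are plain token renames of the xtables_* types; new code should use the xtables_* names directly. */` above the first `#define`. The commit message promises a compile-time warning for old-style extension sources, but nothing in this hunk emits one; if that warning is meant to come from xtables.h, a one-line pointer here would help.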