Diffstat (limited to 'iptables/xshared.h')
-rw-r--r-- | iptables/xshared.h | 72 |
1 files changed, 58 insertions, 14 deletions
diff --git a/iptables/xshared.h b/iptables/xshared.h
index f43c28f5..26c492eb 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -12,8 +12,15 @@
 #ifdef DEBUG
 #define DEBUGP(x, args...) fprintf(stderr, x, ## args)
+#define DEBUG_HEXDUMP(pfx, data, len) \
+ for (int __i = 0; __i < (len); __i++) { \
+ if (__i % 16 == 0) \
+ printf("%s%s: ", __i ? "\n" : "", (pfx)); \
+ printf("%02x ", ((const unsigned char *)data)[__i]); \
+ } printf("\n")
 #else
 #define DEBUGP(x, args...)
+#define DEBUG_HEXDUMP(pfx, data, len)
 #endif
 enum {
@@ -40,9 +47,11 @@ enum {
 /* below are for ebtables only */
 OPT_LOGICALIN = 1 << 18,
 OPT_LOGICALOUT = 1 << 19,
- OPT_COMMAND = 1 << 20,
- OPT_ZERO = 1 << 21,
+ OPT_LIST_C = 1 << 20,
+ OPT_LIST_X = 1 << 21,
+ OPT_LIST_MAC2 = 1 << 22,
 };
+#define NUMBER_OF_OPT 24
 enum {
 CMD_NONE = 0,
@@ -61,19 +70,23 @@ enum {
 CMD_LIST_RULES = 1 << 12,
 CMD_ZERO_NUM = 1 << 13,
 CMD_CHECK = 1 << 14,
+ CMD_CHANGE_COUNTERS = 1 << 15, /* ebtables only */
+ CMD_INIT_TABLE = 1 << 16, /* ebtables only */
 };
-#define NUMBER_OF_CMD 16
+#define NUMBER_OF_CMD 18
 struct xtables_globals;
 struct xtables_rule_match;
 struct xtables_target;
-#define OPTSTRING_COMMON "-:A:C:D:E:F::I:L::M:N:P:VX::Z::" "c:d:i:j:o:p:s:t:"
-#define IPT_OPTSTRING OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x"
-#define ARPT_OPTSTRING OPTSTRING_COMMON "R:S::" "h::l:nvx" /* "m:" */
-#define EBT_OPTSTRING OPTSTRING_COMMON "hv"
+#define OPTSTRING_COMMON "-:A:C:D:E:F::I:L::M:N:P:R:S::VX::Z::" "c:d:i:j:o:p:s:t:v"
+#define IPT_OPTSTRING OPTSTRING_COMMON "W::" "46bfg:h::m:nw::x"
+#define ARPT_OPTSTRING OPTSTRING_COMMON "h::l:nx" /* "m:" */
+#define EBT_OPTSTRING OPTSTRING_COMMON "h"
-/* define invflags which won't collide with IPT ones */
+/* define invflags which won't collide with IPT ones.
+ * arptables-nft does NOT use the legacy ARPT_INV_* defines.
+ */
 #define IPT_INV_SRCDEVADDR 0x0080
 #define IPT_INV_TGTDEVADDR 0x0100
 #define IPT_INV_ARPHLN 0x0200
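Review bot: DEBUG_HEXDUMP in the first hunk expands to a bare `for` statement followed by `printf("\n")`, so `if (cond) DEBUG_HEXDUMP(...);` prints the trailing newline unconditionally and the macro cannot be used where a single statement is expected; it should be wrapped in `do { ... } while (0)`. Additionally `data` is not parenthesized inside the cast, `__i` is a reserved identifier, and the dump goes to stdout via `printf` while DEBUGP writes to stderr, so debug bytes interleave with normal rule listings. The rewrite below keeps the 16-bytes-per-line layout and the `int` loop bound, evaluates `data` once, and routes the output to stderr like DEBUGP.
```c
#define DEBUG_HEXDUMP(pfx, data, len) \
	do { \
		const unsigned char *hd_p_ = (const unsigned char *)(data); \
		for (int hd_i_ = 0; hd_i_ < (len); hd_i_++) { \
			if (hd_i_ % 16 == 0) \
				fprintf(stderr, "%s%s: ", hd_i_ ? "\n" : "", (pfx)); \
			fprintf(stderr, "%02x ", hd_p_[hd_i_]); \
		} \
		fprintf(stderr, "\n"); \
	} while (0)
```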
@@ -126,10 +139,13 @@ struct iptables_command_state {
 char *protocol;
 int proto_used;
 const char *jumpto;
+ int argc;
 char **argv;
 bool restore;
 };
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs);
+
 typedef int (*mainfunc_t)(int, char **);
 struct subcommand {
@@ -200,8 +216,7 @@ void save_ipv6_addr(char letter, const struct in6_addr *addr,
 void print_ifaces(const char *iniface, const char *outiface, uint8_t invflags,
 unsigned int format);
-void save_iface(char letter, const char *iface,
- const unsigned char *mask, int invert);
+void save_iface(char letter, const char *iface, int invert);
 void print_fragment(unsigned int flags, unsigned int invflags,
 unsigned int format, bool fake);
@@ -213,8 +228,7 @@ void assert_valid_chain_name(const char *chainname);
 void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs,
 const char *targname, uint8_t proto,
 uint8_t flags, uint8_t invflags, unsigned int format);
-void save_rule_details(const char *iniface, unsigned const char *iniface_mask,
- const char *outiface, unsigned const char *outiface_mask,
+void save_rule_details(const char *iniface, const char *outiface,
 uint16_t proto, int frag, uint8_t invflags);
 int print_match_save(const struct xt_entry_match *e, const void *ip);
@@ -237,13 +251,20 @@ struct addr_mask {
 } mask;
 };
+enum {
+ CTR_OP_INC_PKTS = 1 << 0,
+ CTR_OP_DEC_PKTS = 1 << 1,
+ CTR_OP_INC_BYTES = 1 << 2,
+ CTR_OP_DEC_BYTES = 1 << 3,
+};
+
 struct xtables_args {
 int family;
- uint16_t proto;
 uint8_t flags;
 uint16_t invflags;
 char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
 unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
+ char bri_iniface[IFNAMSIZ], bri_outiface[IFNAMSIZ];
 bool goto_set;
 const char *shostnetworkmask, *dhostnetworkmask;
 const char *pcnt, *bcnt;
@@ -252,6 +273,7 @@ struct xtables_args {
 const char *arp_hlen, *arp_opcode;
 const char *arp_htype, *arp_ptype;
 unsigned long long pcnt_cnt, bcnt_cnt;
+ uint8_t counter_op;
 int wait;
 };
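Review bot: The new `counter_op` field in the last hunk of this line (struct xtables_args) carries no comment tying it to the CTR_OP_* enum added in the previous hunk, and the enum itself does not say whether its values form a bitmask or a selector. Because the values are distinct bits, presumably several may be set at once, yet CTR_OP_INC_PKTS together with CTR_OP_DEC_PKTS (and likewise for the byte pair) cannot both be meaningful, so the parser must reject that combination and the header should say so. I'd write `uint8_t counter_op; /* CTR_OP_* bits; INC and DEC of the same counter are mutually exclusive */` and put a one-line comment above the enum naming which command fills it (CMD_CHANGE_COUNTERS, by the look of the earlier hunk — confirm). The struct xtables_args definition starts and ends outside these hunks.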
@@ -261,11 +283,17 @@ struct xt_cmd_parse_ops {
 void (*post_parse)(int command,
 struct iptables_command_state *cs,
 struct xtables_args *args);
+ const char *(*option_name)(int option);
+ int (*option_invert)(int option);
+ int (*command_default)(struct iptables_command_state *cs,
+ struct xtables_globals *gl, bool invert);
+ void (*print_help)(struct iptables_command_state *cs);
 };
 struct xt_cmd_parse {
 unsigned int command;
 unsigned int rulenum;
+ unsigned int rulenum_end;
 char *table;
 const char *chain;
 const char *newname;
@@ -273,10 +301,16 @@ struct xt_cmd_parse {
 bool restore;
 int line;
 int verbose;
- bool xlate;
+ bool rule_ranges;
 struct xt_cmd_parse_ops *ops;
 };
+void xtables_printhelp(struct iptables_command_state *cs);
+const char *ip46t_option_name(int option);
+int ip46t_option_invert(int option);
+int command_default(struct iptables_command_state *cs,
+ struct xtables_globals *gl, bool invert);
+
 void do_parse(int argc, char *argv[], struct xt_cmd_parse *p, struct iptables_command_state *cs, struct xtables_args *args);
@@ -293,4 +327,14 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs,
 extern char *arp_opcodes[];
 #define ARP_NUMOPCODES 9
+unsigned char *make_delete_mask(const struct xtables_rule_match *matches,
+ const struct xtables_target *target,
+ size_t entry_size);
+
+void iface_to_mask(const char *ifname, unsigned char *mask);
+
+void xtables_clear_args(struct xtables_args *args);
+
+const char *proto_to_name(uint16_t proto, int nolookup);
+
 #endif /* IPTABLES_XSHARED_H */ |
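Review bot: The declarations added in the last hunk of this line state no ownership or buffer contract: `make_delete_mask` returns an `unsigned char *` sized by `entry_size` without saying whether the caller must free it, and `iface_to_mask` writes through `mask` with no length parameter, so a reader has to guess it needs at least IFNAMSIZ bytes (the only mask buffers in this header, `iniface_mask[IFNAMSIZ]`, suggest so, but confirm against the implementation). I'd add `/* returns a heap-allocated entry_size-byte mask; caller frees */` above make_delete_mask if that is what it does, `/* mask must hold IFNAMSIZ bytes */` above iface_to_mask, and a note on whether `proto_to_name` returns static storage. The same missing documentation applies to `rulenum_end` and `rule_ranges` in the second hunk (is the range inclusive, and what does rulenum_end hold when no range was given?) and to the four new callbacks in the first hunk, where the return convention of `option_invert` and `command_default` is unstated; one comment line each would do.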