It was/is a bit annoying that modifying xtables.h.in causes configure
to rerun. Split the @foo@ things into a separate file to bypass this.
Signed-off-by: Jan Engelhardt <jengelh@xxxxxxx>
---
.gitignore | 2 +-
Makefile.am | 2 +-
configure.ac | 2 +-
include/Makefile.am | 2 +-
include/xtables-version.h.in | 2 +
include/xtables.h | 526 +++++++++++++++++++++++++++++++++++++++++
include/xtables.h.in | 527 ------------------------------------------
7 files changed, 532 insertions(+), 531 deletions(-)
create mode 100644 include/xtables-version.h.in
create mode 100644 include/xtables.h
delete mode 100644 include/xtables.h.in
diff --git a/.gitignore b/.gitignore
index b7c3dfb..fa86c48 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,7 @@
Makefile
Makefile.in
-/include/xtables.h
+/include/xtables-version.h
/include/iptables/internal.h
/aclocal.m4
diff --git a/Makefile.am b/Makefile.am
index 4eb63eb..6400ba4 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -27,4 +27,4 @@ tarball:
rm -Rf /tmp/${PACKAGE_TARNAME}-${PACKAGE_VERSION};
config.status: extensions/GNUmakefile.in \
- include/xtables.h.in include/iptables/internal.h.in
+ include/xtables-version.h.in include/iptables/internal.h.in
diff --git a/configure.ac b/configure.ac
index 861f5b3..4060f90 100644
--- a/configure.ac
+++ b/configure.ac
@@ -127,5 +127,5 @@ AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile
libiptc/Makefile libiptc/libiptc.pc
libiptc/libip4tc.pc libiptc/libip6tc.pc
libxtables/Makefile utils/Makefile
- include/xtables.h include/iptables/internal.h])
+ include/xtables-version.h include/iptables/internal.h])
AC_OUTPUT
diff --git a/include/Makefile.am b/include/Makefile.am
index 6f7da59..e695120 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -1,7 +1,7 @@
# -*- Makefile -*-
include_HEADERS =
-nobase_include_HEADERS = xtables.h
+nobase_include_HEADERS = xtables.h xtables-version.h
if ENABLE_LIBIPQ
include_HEADERS += libipq/libipq.h
diff --git a/include/xtables-version.h.in b/include/xtables-version.h.in
new file mode 100644
index 0000000..cb13827
--- /dev/null
+++ b/include/xtables-version.h.in
@@ -0,0 +1,2 @@
+#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@"
+#define XTABLES_VERSION_CODE @libxtables_vmajor@
diff --git a/include/xtables.h b/include/xtables.h
new file mode 100644
index 0000000..3b15e67
--- /dev/null
+++ b/include/xtables.h
@@ -0,0 +1,526 @@
+#ifndef _XTABLES_H
+#define _XTABLES_H
+
+/*
+ * Changing any structs/functions may incur a needed change
+ * in libxtables_vcurrent/vage too.
+ */
+
+#include <sys/socket.h> /* PF_* */
+#include <sys/types.h>
+#include <limits.h>
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <netinet/in.h>
+#include <net/if.h>
+#include <linux/types.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
+
+#ifndef IPPROTO_SCTP
+#define IPPROTO_SCTP 132
+#endif
+#ifndef IPPROTO_DCCP
+#define IPPROTO_DCCP 33
+#endif
+#ifndef IPPROTO_MH
+# define IPPROTO_MH 135
+#endif
+#ifndef IPPROTO_UDPLITE
+#define IPPROTO_UDPLITE 136
+#endif
+
+#include <xtables-version.h>
+
+struct in_addr;
+
+/*
+ * .size is here so that there is a somewhat reasonable check
+ * against the chosen .type.
+ */
+#define XTOPT_POINTER(stype, member) \
+ .ptroff = offsetof(stype, member), \
+ .size = sizeof(((stype *)NULL)->member)
+#define XTOPT_TABLEEND {.name = NULL}
+
+/**
+ * Select the format the input has to conform to, as well as the target type
+ * (area pointed to with XTOPT_POINTER). Note that the storing is not always
+ * uniform. @cb->val will be populated with as much as there is space, i.e.
+ * exactly 2 items for ranges, but the target area can receive more values
+ * (e.g. in case of ranges), or less values (e.g. %XTTYPE_HOSTMASK).
+ *
+ * %XTTYPE_NONE: option takes no argument
+ * %XTTYPE_UINT*: standard integer
+ * %XTTYPE_UINT*RC: colon-separated range of standard integers
+ * %XTTYPE_DOUBLE: double-precision floating point number
+ * %XTTYPE_STRING: arbitrary string
+ * %XTTYPE_TOSMASK: 8-bit TOS value with optional mask
+ * %XTTYPE_MARKMASK32: 32-bit mark with optional mask
+ * %XTTYPE_SYSLOGLEVEL: syslog level by name or number
+ * %XTTYPE_HOST: one host or address (ptr: union nf_inet_addr)
+ * %XTTYPE_HOSTMASK: one host or address, with an optional prefix length
+ * (ptr: union nf_inet_addr; only host portion is stored)
+ * %XTTYPE_PROTOCOL: protocol number/name from /etc/protocols (ptr: uint8_t)
+ * %XTTYPE_PORT: 16-bit port name or number (supports %XTOPT_NBO)
+ * %XTTYPE_PORTRC: colon-separated port range (names acceptable),
+ * (supports %XTOPT_NBO)
+ * %XTTYPE_PLEN: prefix length
+ * %XTTYPE_PLENMASK: prefix length (ptr: union nf_inet_addr)
+ * %XTTYPE_ETHERMAC: Ethernet MAC address in hex form
+ */
+enum xt_option_type {
+ XTTYPE_NONE,
+ XTTYPE_UINT8,
+ XTTYPE_UINT16,
+ XTTYPE_UINT32,
+ XTTYPE_UINT64,
+ XTTYPE_UINT8RC,
+ XTTYPE_UINT16RC,
+ XTTYPE_UINT32RC,
+ XTTYPE_UINT64RC,
+ XTTYPE_DOUBLE,
+ XTTYPE_STRING,
+ XTTYPE_TOSMASK,
+ XTTYPE_MARKMASK32,
+ XTTYPE_SYSLOGLEVEL,
+ XTTYPE_HOST,
+ XTTYPE_HOSTMASK,
+ XTTYPE_PROTOCOL,
+ XTTYPE_PORT,
+ XTTYPE_PORTRC,
+ XTTYPE_PLEN,
+ XTTYPE_PLENMASK,
+ XTTYPE_ETHERMAC,
+};
+
+/**
+ * %XTOPT_INVERT: option is invertible (usable with !)
+ * %XTOPT_MAND: option is mandatory
+ * %XTOPT_MULTI: option may be specified multiple times
+ * %XTOPT_PUT: store value into memory at @ptroff
+ * %XTOPT_NBO: store value in network-byte order
+ * (only certain XTTYPEs recognize this)
+ */
+enum xt_option_flags {
+ XTOPT_INVERT = 1 << 0,
+ XTOPT_MAND = 1 << 1,
+ XTOPT_MULTI = 1 << 2,
+ XTOPT_PUT = 1 << 3,
+ XTOPT_NBO = 1 << 4,
+};
+
+/**
+ * @name: name of option
+ * @type: type of input and validation method, see %XTTYPE_*
+ * @id: unique number (within extension) for option, 0-31
+ * @excl: bitmask of flags that cannot be used with this option
+ * @also: bitmask of flags that must be used with this option
+ * @flags: bitmask of option flags, see %XTOPT_*
+ * @ptroff: offset into private structure for member
+ * @size: size of the item pointed to by @ptroff; this is a safeguard
+ * @min: lowest allowed value (for singular integral types)
+ * @max: highest allowed value (for singular integral types)
+ */
+struct xt_option_entry {
+ const char *name;
+ enum xt_option_type type;
+ unsigned int id, excl, also, flags;
+ unsigned int ptroff;
+ size_t size;
+ unsigned int min, max;
+};
+
+/**
+ * @arg: input from command line
+ * @ext_name: name of extension currently being processed
+ * @entry: current option being processed
+ * @data: per-extension kernel data block
+ * @xflags: options of the extension that have been used
+ * @invert: whether option was used with !
+ * @nvals: number of results in uXX_multi
+ * @val: parsed result
+ * @udata: per-extension private scratch area
+ * (cf. xtables_{match,target}->udata_size)
+ */
+struct xt_option_call {
+ const char *arg, *ext_name;
+ const struct xt_option_entry *entry;
+ void *data;
+ unsigned int xflags;
+ bool invert;
+ uint8_t nvals;
+ union {
+ uint8_t u8, u8_range[2], syslog_level, protocol;
+ uint16_t u16, u16_range[2], port, port_range[2];
+ uint32_t u32, u32_range[2];
+ uint64_t u64, u64_range[2];
+ double dbl;
+ struct {
+ union nf_inet_addr haddr, hmask;
+ uint8_t hlen;
+ };
+ struct {
+ uint8_t tos_value, tos_mask;
+ };
+ struct {
+ uint32_t mark, mask;
+ };
+ uint8_t ethermac[6];
+ } val;
+ /* Wished for a world where the ones below were gone: */
+ union {
+ struct xt_entry_match **match;
+ struct xt_entry_target **target;
+ };
+ void *xt_entry;
+ void *udata;
+};
+
+/**
+ * @ext_name: name of extension currently being processed
+ * @data: per-extension (kernel) data block
+ * @udata: per-extension private scratch area
+ * (cf. xtables_{match,target}->udata_size)
+ * @xflags: options of the extension that have been used
+ */
+struct xt_fcheck_call {
+ const char *ext_name;
+ void *data, *udata;
+ unsigned int xflags;
+};
+
+/**
+ * A "linear"/linked-list based name<->id map, for files similar to
+ * /etc/iproute2/.
+ */
+struct xtables_lmap {
+ char *name;
+ int id;
+ struct xtables_lmap *next;
+};
+
+/* Include file for additions: new matches and targets. */
+struct xtables_match
+{
+ /*
+ * ABI/API version this module requires. Must be first member,
+ * as the rest of this struct may be subject to ABI changes.
+ */
+ const char *version;
+
+ struct xtables_match *next;
+
+ const char *name;
+
+ /* Revision of match (0 by default). */
+ u_int8_t revision;
+
+ u_int16_t family;
+
+ /* Size of match data. */
+ size_t size;
+
+ /* Size of match data relevent for userspace comparison purposes */
+ size_t userspacesize;
+
+ /* Function which prints out usage message. */
+ void (*help)(void);
+
+ /* Initialize the match. */
+ void (*init)(struct xt_entry_match *m);
+
+ /* Function which parses command options; returns true if it
+ ate an option */
+ /* entry is struct ipt_entry for example */
+ int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_match **match);
+
+ /* Final check; exit if not ok. */
+ void (*final_check)(unsigned int flags);
+
+ /* Prints out the match iff non-NULL: put space at end */
+ /* ip is struct ipt_ip * for example */
+ void (*print)(const void *ip,
+ const struct xt_entry_match *match, int numeric);
+
+ /* Saves the match info in parsable form to stdout. */
+ /* ip is struct ipt_ip * for example */
+ void (*save)(const void *ip, const struct xt_entry_match *match);
+
+ /* Pointer to list of extra command-line options */
+ const struct option *extra_opts;
+
+ /* New parser */
+ void (*x6_parse)(struct xt_option_call *);
+ void (*x6_fcheck)(struct xt_fcheck_call *);
+ const struct xt_option_entry *x6_options;
+
+ /* Size of per-extension instance extra "global" scratch space */
+ size_t udata_size;
+
+ /* Ignore these men behind the curtain: */
+ void *udata;
+ unsigned int option_offset;
+ struct xt_entry_match *m;
+ unsigned int mflags;
+ unsigned int loaded; /* simulate loading so options are merged properly */
+};
+
+struct xtables_target
+{
+ /*
+ * ABI/API version this module requires. Must be first member,
+ * as the rest of this struct may be subject to ABI changes.
+ */
+ const char *version;
+
+ struct xtables_target *next;
+
+
+ const char *name;
+
+ /* Revision of target (0 by default). */
+ u_int8_t revision;
+
+ u_int16_t family;
+
+
+ /* Size of target data. */
+ size_t size;
+
+ /* Size of target data relevent for userspace comparison purposes */
+ size_t userspacesize;
+
+ /* Function which prints out usage message. */
+ void (*help)(void);
+
+ /* Initialize the target. */
+ void (*init)(struct xt_entry_target *t);
+
+ /* Function which parses command options; returns true if it
+ ate an option */
+ /* entry is struct ipt_entry for example */
+ int (*parse)(int c, char **argv, int invert, unsigned int *flags,
+ const void *entry,
+ struct xt_entry_target **targetinfo);
+
+ /* Final check; exit if not ok. */
+ void (*final_check)(unsigned int flags);
+
+ /* Prints out the target iff non-NULL: put space at end */
+ void (*print)(const void *ip,
+ const struct xt_entry_target *target, int numeric);
+
+ /* Saves the targinfo in parsable form to stdout. */
+ void (*save)(const void *ip,
+ const struct xt_entry_target *target);
+
+ /* Pointer to list of extra command-line options */
+ const struct option *extra_opts;
+
+ /* New parser */
+ void (*x6_parse)(struct xt_option_call *);
+ void (*x6_fcheck)(struct xt_fcheck_call *);
+ const struct xt_option_entry *x6_options;
+
+ size_t udata_size;
+
+ /* Ignore these men behind the curtain: */
+ void *udata;
+ unsigned int option_offset;
+ struct xt_entry_target *t;
+ unsigned int tflags;
+ unsigned int used;
+ unsigned int loaded; /* simulate loading so options are merged properly */
+};
+
+struct xtables_rule_match {
+ struct xtables_rule_match *next;
+ struct xtables_match *match;
+ /* Multiple matches of the same type: the ones before
+ the current one are completed from parsing point of view */
+ bool completed;
+};
+
+/**
+ * struct xtables_pprot -
+ *
+ * A few hardcoded protocols for 'all' and in case the user has no
+ * /etc/protocols.
+ */
+struct xtables_pprot {
+ const char *name;
+ u_int8_t num;
+};
+
+enum xtables_tryload {
+ XTF_DONT_LOAD,
+ XTF_DURING_LOAD,
+ XTF_TRY_LOAD,
+ XTF_LOAD_MUST_SUCCEED,
+};
+
+enum xtables_exittype {
+ OTHER_PROBLEM = 1,
+ PARAMETER_PROBLEM,
+ VERSION_PROBLEM,
+ RESOURCE_PROBLEM,
+ XTF_ONLY_ONCE,
+ XTF_NO_INVERT,
+ XTF_BAD_VALUE,
+ XTF_ONE_ACTION,
+};
+
+struct xtables_globals
+{
+ unsigned int option_offset;
+ const char *program_name, *program_version;
+ struct option *orig_opts;
+ struct option *opts;
+ void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
+};
+
+#define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern const char *xtables_modprobe_program;
+extern struct xtables_match *xtables_matches;
+extern struct xtables_target *xtables_targets;
+
+extern void xtables_init(void);
+extern void xtables_set_nfproto(uint8_t);
+extern void *xtables_calloc(size_t, size_t);
+extern void *xtables_malloc(size_t);
+extern void *xtables_realloc(void *, size_t);
+
+extern int xtables_insmod(const char *, const char *, bool);
+extern int xtables_load_ko(const char *, bool);
+extern int xtables_set_params(struct xtables_globals *xtp);
+extern void xtables_free_opts(int reset_offset);
+extern struct option *xtables_merge_options(struct option *origopts,
+ struct option *oldopts, const struct option *newopts,
+ unsigned int *option_offset);
+
+extern int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto);
+extern struct xtables_match *xtables_find_match(const char *name,
+ enum xtables_tryload, struct xtables_rule_match **match);
+extern struct xtables_target *xtables_find_target(const char *name,
+ enum xtables_tryload);
+
+/* Your shared library should call one of these. */
+extern void xtables_register_match(struct xtables_match *me);
+extern void xtables_register_matches(struct xtables_match *, unsigned int);
+extern void xtables_register_target(struct xtables_target *me);
+extern void xtables_register_targets(struct xtables_target *, unsigned int);
+
+extern bool xtables_strtoul(const char *, char **, uintmax_t *,
+ uintmax_t, uintmax_t);
+extern bool xtables_strtoui(const char *, char **, unsigned int *,
+ unsigned int, unsigned int);
+extern int xtables_service_to_port(const char *name, const char *proto);
+extern u_int16_t xtables_parse_port(const char *port, const char *proto);
+extern void
+xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
+
+/* this is a special 64bit data type that is 8-byte aligned */
+#define aligned_u64 u_int64_t __attribute__((aligned(8)))
+
+extern struct xtables_globals *xt_params;
+#define xtables_error (xt_params->exit_err)
+
+extern void xtables_param_act(unsigned int, const char *, ...);
+
+extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
+extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
+extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
+extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
+extern struct in_addr *xtables_numeric_to_ipmask(const char *);
+extern int xtables_ipmask_to_cidr(const struct in_addr *);
+extern void xtables_ipparse_any(const char *, struct in_addr **,
+ struct in_addr *, unsigned int *);
+extern void xtables_ipparse_multiple(const char *, struct in_addr **,
+ struct in_addr **, unsigned int *);
+
+extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
+extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
+extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
+extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
+extern int xtables_ip6mask_to_cidr(const struct in6_addr *);
+extern void xtables_ip6parse_any(const char *, struct in6_addr **,
+ struct in6_addr *, unsigned int *);
+extern void xtables_ip6parse_multiple(const char *, struct in6_addr **,
+ struct in6_addr **, unsigned int *);
+
+/**
+ * Print the specified value to standard output, quoting dangerous
+ * characters if required.
+ */
+extern void xtables_save_string(const char *value);
+
+#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
+# ifdef _INIT
+# undef _init
+# define _init _INIT
+# endif
+ extern void init_extensions(void);
+ extern void init_extensions4(void);
+ extern void init_extensions6(void);
+#else
+# define _init __attribute__((constructor)) _INIT
+#endif
+
+extern const struct xtables_pprot xtables_chain_protos[];
+extern u_int16_t xtables_parse_protocol(const char *s);
+
+/* kernel revision handling */
+extern int kernel_version;
+extern void get_kernel_version(void);
+#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
+#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF)
+#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF)
+#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF)
+
+/* xtoptions.c */
+extern void xtables_option_metavalidate(const char *,
+ const struct xt_option_entry *);
+extern struct option *xtables_options_xfrm(struct option *, struct option *,
+ const struct xt_option_entry *,
+ unsigned int *);
+extern void xtables_option_parse(struct xt_option_call *);
+extern void xtables_option_tpcall(unsigned int, char **, bool,
+ struct xtables_target *, void *);
+extern void xtables_option_mpcall(unsigned int, char **, bool,
+ struct xtables_match *, void *);
+extern void xtables_option_tfcall(struct xtables_target *);
+extern void xtables_option_mfcall(struct xtables_match *);
+extern void xtables_options_fcheck(const char *, unsigned int,
+ const struct xt_option_entry *);
+
+extern struct xtables_lmap *xtables_lmap_init(const char *);
+extern void xtables_lmap_free(struct xtables_lmap *);
+extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
+extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
+
+#ifdef XTABLES_INTERNAL
+
+/* Shipped modules rely on this... */
+
+# ifndef ARRAY_SIZE
+# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
+# endif
+
+extern void _init(void);
+
+#endif
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* _XTABLES_H */
diff --git a/include/xtables.h.in b/include/xtables.h.in
deleted file mode 100644
index db69c03..0000000
--- a/include/xtables.h.in
+++ /dev/null
@@ -1,527 +0,0 @@
-#ifndef _XTABLES_H
-#define _XTABLES_H
-
-/*
- * Changing any structs/functions may incur a needed change
- * in libxtables_vcurrent/vage too.
- */
-
-#include <sys/socket.h> /* PF_* */
-#include <sys/types.h>
-#include <limits.h>
-#include <stdbool.h>
-#include <stddef.h>
-#include <stdint.h>
-#include <netinet/in.h>
-#include <net/if.h>
-#include <linux/types.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter/x_tables.h>
-
-#ifndef IPPROTO_SCTP
-#define IPPROTO_SCTP 132
-#endif
-#ifndef IPPROTO_DCCP
-#define IPPROTO_DCCP 33
-#endif
-#ifndef IPPROTO_MH
-# define IPPROTO_MH 135
-#endif
-#ifndef IPPROTO_UDPLITE
-#define IPPROTO_UDPLITE 136
-#endif
-
-#define XTABLES_VERSION "libxtables.so.@libxtables_vmajor@"
-#define XTABLES_VERSION_CODE @libxtables_vmajor@
-
-struct in_addr;
-
-/*
- * .size is here so that there is a somewhat reasonable check
- * against the chosen .type.
- */
-#define XTOPT_POINTER(stype, member) \
- .ptroff = offsetof(stype, member), \
- .size = sizeof(((stype *)NULL)->member)
-#define XTOPT_TABLEEND {.name = NULL}
-
-/**
- * Select the format the input has to conform to, as well as the target type
- * (area pointed to with XTOPT_POINTER). Note that the storing is not always
- * uniform. @cb->val will be populated with as much as there is space, i.e.
- * exactly 2 items for ranges, but the target area can receive more values
- * (e.g. in case of ranges), or less values (e.g. %XTTYPE_HOSTMASK).
- *
- * %XTTYPE_NONE: option takes no argument
- * %XTTYPE_UINT*: standard integer
- * %XTTYPE_UINT*RC: colon-separated range of standard integers
- * %XTTYPE_DOUBLE: double-precision floating point number
- * %XTTYPE_STRING: arbitrary string
- * %XTTYPE_TOSMASK: 8-bit TOS value with optional mask
- * %XTTYPE_MARKMASK32: 32-bit mark with optional mask
- * %XTTYPE_SYSLOGLEVEL: syslog level by name or number
- * %XTTYPE_HOST: one host or address (ptr: union nf_inet_addr)
- * %XTTYPE_HOSTMASK: one host or address, with an optional prefix length
- * (ptr: union nf_inet_addr; only host portion is stored)
- * %XTTYPE_PROTOCOL: protocol number/name from /etc/protocols (ptr: uint8_t)
- * %XTTYPE_PORT: 16-bit port name or number (supports %XTOPT_NBO)
- * %XTTYPE_PORTRC: colon-separated port range (names acceptable),
- * (supports %XTOPT_NBO)
- * %XTTYPE_PLEN: prefix length
- * %XTTYPE_PLENMASK: prefix length (ptr: union nf_inet_addr)
- * %XTTYPE_ETHERMAC: Ethernet MAC address in hex form
- */
-enum xt_option_type {
- XTTYPE_NONE,
- XTTYPE_UINT8,
- XTTYPE_UINT16,
- XTTYPE_UINT32,
- XTTYPE_UINT64,
- XTTYPE_UINT8RC,
- XTTYPE_UINT16RC,
- XTTYPE_UINT32RC,
- XTTYPE_UINT64RC,
- XTTYPE_DOUBLE,
- XTTYPE_STRING,
- XTTYPE_TOSMASK,
- XTTYPE_MARKMASK32,
- XTTYPE_SYSLOGLEVEL,
- XTTYPE_HOST,
- XTTYPE_HOSTMASK,
- XTTYPE_PROTOCOL,
- XTTYPE_PORT,
- XTTYPE_PORTRC,
- XTTYPE_PLEN,
- XTTYPE_PLENMASK,
- XTTYPE_ETHERMAC,
-};
-
-/**
- * %XTOPT_INVERT: option is invertible (usable with !)
- * %XTOPT_MAND: option is mandatory
- * %XTOPT_MULTI: option may be specified multiple times
- * %XTOPT_PUT: store value into memory at @ptroff
- * %XTOPT_NBO: store value in network-byte order
- * (only certain XTTYPEs recognize this)
- */
-enum xt_option_flags {
- XTOPT_INVERT = 1 << 0,
- XTOPT_MAND = 1 << 1,
- XTOPT_MULTI = 1 << 2,
- XTOPT_PUT = 1 << 3,
- XTOPT_NBO = 1 << 4,
-};
-
-/**
- * @name: name of option
- * @type: type of input and validation method, see %XTTYPE_*
- * @id: unique number (within extension) for option, 0-31
- * @excl: bitmask of flags that cannot be used with this option
- * @also: bitmask of flags that must be used with this option
- * @flags: bitmask of option flags, see %XTOPT_*
- * @ptroff: offset into private structure for member
- * @size: size of the item pointed to by @ptroff; this is a safeguard
- * @min: lowest allowed value (for singular integral types)
- * @max: highest allowed value (for singular integral types)
- */
-struct xt_option_entry {
- const char *name;
- enum xt_option_type type;
- unsigned int id, excl, also, flags;
- unsigned int ptroff;
- size_t size;
- unsigned int min, max;
-};
-
-/**
- * @arg: input from command line
- * @ext_name: name of extension currently being processed
- * @entry: current option being processed
- * @data: per-extension kernel data block
- * @xflags: options of the extension that have been used
- * @invert: whether option was used with !
- * @nvals: number of results in uXX_multi
- * @val: parsed result
- * @udata: per-extension private scratch area
- * (cf. xtables_{match,target}->udata_size)
- */
-struct xt_option_call {
- const char *arg, *ext_name;
- const struct xt_option_entry *entry;
- void *data;
- unsigned int xflags;
- bool invert;
- uint8_t nvals;
- union {
- uint8_t u8, u8_range[2], syslog_level, protocol;
- uint16_t u16, u16_range[2], port, port_range[2];
- uint32_t u32, u32_range[2];
- uint64_t u64, u64_range[2];
- double dbl;
- struct {
- union nf_inet_addr haddr, hmask;
- uint8_t hlen;
- };
- struct {
- uint8_t tos_value, tos_mask;
- };
- struct {
- uint32_t mark, mask;
- };
- uint8_t ethermac[6];
- } val;
- /* Wished for a world where the ones below were gone: */
- union {
- struct xt_entry_match **match;
- struct xt_entry_target **target;
- };
- void *xt_entry;
- void *udata;
-};
-
-/**
- * @ext_name: name of extension currently being processed
- * @data: per-extension (kernel) data block
- * @udata: per-extension private scratch area
- * (cf. xtables_{match,target}->udata_size)
- * @xflags: options of the extension that have been used
- */
-struct xt_fcheck_call {
- const char *ext_name;
- void *data, *udata;
- unsigned int xflags;
-};
-
-/**
- * A "linear"/linked-list based name<->id map, for files similar to
- * /etc/iproute2/.
- */
-struct xtables_lmap {
- char *name;
- int id;
- struct xtables_lmap *next;
-};
-
-/* Include file for additions: new matches and targets. */
-struct xtables_match
-{
- /*
- * ABI/API version this module requires. Must be first member,
- * as the rest of this struct may be subject to ABI changes.
- */
- const char *version;
-
- struct xtables_match *next;
-
- const char *name;
-
- /* Revision of match (0 by default). */
- u_int8_t revision;
-
- u_int16_t family;
-
- /* Size of match data. */
- size_t size;
-
- /* Size of match data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the match. */
- void (*init)(struct xt_entry_match *m);
-
- /* Function which parses command options; returns true if it
- ate an option */
- /* entry is struct ipt_entry for example */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_match **match);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the match iff non-NULL: put space at end */
- /* ip is struct ipt_ip * for example */
- void (*print)(const void *ip,
- const struct xt_entry_match *match, int numeric);
-
- /* Saves the match info in parsable form to stdout. */
- /* ip is struct ipt_ip * for example */
- void (*save)(const void *ip, const struct xt_entry_match *match);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* New parser */
- void (*x6_parse)(struct xt_option_call *);
- void (*x6_fcheck)(struct xt_fcheck_call *);
- const struct xt_option_entry *x6_options;
-
- /* Size of per-extension instance extra "global" scratch space */
- size_t udata_size;
-
- /* Ignore these men behind the curtain: */
- void *udata;
- unsigned int option_offset;
- struct xt_entry_match *m;
- unsigned int mflags;
- unsigned int loaded; /* simulate loading so options are merged properly */
-};
-
-struct xtables_target
-{
- /*
- * ABI/API version this module requires. Must be first member,
- * as the rest of this struct may be subject to ABI changes.
- */
- const char *version;
-
- struct xtables_target *next;
-
-
- const char *name;
-
- /* Revision of target (0 by default). */
- u_int8_t revision;
-
- u_int16_t family;
-
-
- /* Size of target data. */
- size_t size;
-
- /* Size of target data relevent for userspace comparison purposes */
- size_t userspacesize;
-
- /* Function which prints out usage message. */
- void (*help)(void);
-
- /* Initialize the target. */
- void (*init)(struct xt_entry_target *t);
-
- /* Function which parses command options; returns true if it
- ate an option */
- /* entry is struct ipt_entry for example */
- int (*parse)(int c, char **argv, int invert, unsigned int *flags,
- const void *entry,
- struct xt_entry_target **targetinfo);
-
- /* Final check; exit if not ok. */
- void (*final_check)(unsigned int flags);
-
- /* Prints out the target iff non-NULL: put space at end */
- void (*print)(const void *ip,
- const struct xt_entry_target *target, int numeric);
-
- /* Saves the targinfo in parsable form to stdout. */
- void (*save)(const void *ip,
- const struct xt_entry_target *target);
-
- /* Pointer to list of extra command-line options */
- const struct option *extra_opts;
-
- /* New parser */
- void (*x6_parse)(struct xt_option_call *);
- void (*x6_fcheck)(struct xt_fcheck_call *);
- const struct xt_option_entry *x6_options;
-
- size_t udata_size;
-
- /* Ignore these men behind the curtain: */
- void *udata;
- unsigned int option_offset;
- struct xt_entry_target *t;
- unsigned int tflags;
- unsigned int used;
- unsigned int loaded; /* simulate loading so options are merged properly */
-};
-
-struct xtables_rule_match {
- struct xtables_rule_match *next;
- struct xtables_match *match;
- /* Multiple matches of the same type: the ones before
- the current one are completed from parsing point of view */
- bool completed;
-};
-
-/**
- * struct xtables_pprot -
- *
- * A few hardcoded protocols for 'all' and in case the user has no
- * /etc/protocols.
- */
-struct xtables_pprot {
- const char *name;
- u_int8_t num;
-};
-
-enum xtables_tryload {
- XTF_DONT_LOAD,
- XTF_DURING_LOAD,
- XTF_TRY_LOAD,
- XTF_LOAD_MUST_SUCCEED,
-};
-
-enum xtables_exittype {
- OTHER_PROBLEM = 1,
- PARAMETER_PROBLEM,
- VERSION_PROBLEM,
- RESOURCE_PROBLEM,
- XTF_ONLY_ONCE,
- XTF_NO_INVERT,
- XTF_BAD_VALUE,
- XTF_ONE_ACTION,
-};
-
-struct xtables_globals
-{
- unsigned int option_offset;
- const char *program_name, *program_version;
- struct option *orig_opts;
- struct option *opts;
- void (*exit_err)(enum xtables_exittype status, const char *msg, ...) __attribute__((noreturn, format(printf,2,3)));
-};
-
-#define XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false}
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern const char *xtables_modprobe_program;
-extern struct xtables_match *xtables_matches;
-extern struct xtables_target *xtables_targets;
-
-extern void xtables_init(void);
-extern void xtables_set_nfproto(uint8_t);
-extern void *xtables_calloc(size_t, size_t);
-extern void *xtables_malloc(size_t);
-extern void *xtables_realloc(void *, size_t);
-
-extern int xtables_insmod(const char *, const char *, bool);
-extern int xtables_load_ko(const char *, bool);
-extern int xtables_set_params(struct xtables_globals *xtp);
-extern void xtables_free_opts(int reset_offset);
-extern struct option *xtables_merge_options(struct option *origopts,
- struct option *oldopts, const struct option *newopts,
- unsigned int *option_offset);
-
-extern int xtables_init_all(struct xtables_globals *xtp, uint8_t nfproto);
-extern struct xtables_match *xtables_find_match(const char *name,
- enum xtables_tryload, struct xtables_rule_match **match);
-extern struct xtables_target *xtables_find_target(const char *name,
- enum xtables_tryload);
-
-/* Your shared library should call one of these. */
-extern void xtables_register_match(struct xtables_match *me);
-extern void xtables_register_matches(struct xtables_match *, unsigned int);
-extern void xtables_register_target(struct xtables_target *me);
-extern void xtables_register_targets(struct xtables_target *, unsigned int);
-
-extern bool xtables_strtoul(const char *, char **, uintmax_t *,
- uintmax_t, uintmax_t);
-extern bool xtables_strtoui(const char *, char **, unsigned int *,
- unsigned int, unsigned int);
-extern int xtables_service_to_port(const char *name, const char *proto);
-extern u_int16_t xtables_parse_port(const char *port, const char *proto);
-extern void
-xtables_parse_interface(const char *arg, char *vianame, unsigned char *mask);
-
-/* this is a special 64bit data type that is 8-byte aligned */
-#define aligned_u64 u_int64_t __attribute__((aligned(8)))
-
-extern struct xtables_globals *xt_params;
-#define xtables_error (xt_params->exit_err)
-
-extern void xtables_param_act(unsigned int, const char *, ...);
-
-extern const char *xtables_ipaddr_to_numeric(const struct in_addr *);
-extern const char *xtables_ipaddr_to_anyname(const struct in_addr *);
-extern const char *xtables_ipmask_to_numeric(const struct in_addr *);
-extern struct in_addr *xtables_numeric_to_ipaddr(const char *);
-extern struct in_addr *xtables_numeric_to_ipmask(const char *);
-extern int xtables_ipmask_to_cidr(const struct in_addr *);
-extern void xtables_ipparse_any(const char *, struct in_addr **,
- struct in_addr *, unsigned int *);
-extern void xtables_ipparse_multiple(const char *, struct in_addr **,
- struct in_addr **, unsigned int *);
-
-extern struct in6_addr *xtables_numeric_to_ip6addr(const char *);
-extern const char *xtables_ip6addr_to_numeric(const struct in6_addr *);
-extern const char *xtables_ip6addr_to_anyname(const struct in6_addr *);
-extern const char *xtables_ip6mask_to_numeric(const struct in6_addr *);
-extern int xtables_ip6mask_to_cidr(const struct in6_addr *);
-extern void xtables_ip6parse_any(const char *, struct in6_addr **,
- struct in6_addr *, unsigned int *);
-extern void xtables_ip6parse_multiple(const char *, struct in6_addr **,
- struct in6_addr **, unsigned int *);
-
-/**
- * Print the specified value to standard output, quoting dangerous
- * characters if required.
- */
-extern void xtables_save_string(const char *value);
-
-#if defined(ALL_INCLUSIVE) || defined(NO_SHARED_LIBS)
-# ifdef _INIT
-# undef _init
-# define _init _INIT
-# endif
- extern void init_extensions(void);
- extern void init_extensions4(void);
- extern void init_extensions6(void);
-#else
-# define _init __attribute__((constructor)) _INIT
-#endif
-
-extern const struct xtables_pprot xtables_chain_protos[];
-extern u_int16_t xtables_parse_protocol(const char *s);
-
-/* kernel revision handling */
-extern int kernel_version;
-extern void get_kernel_version(void);
-#define LINUX_VERSION(x,y,z) (0x10000*(x) + 0x100*(y) + z)
-#define LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF)
-#define LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF)
-#define LINUX_VERSION_PATCH(x) ( (x) & 0xFF)
-
-/* xtoptions.c */
-extern void xtables_option_metavalidate(const char *,
- const struct xt_option_entry *);
-extern struct option *xtables_options_xfrm(struct option *, struct option *,
- const struct xt_option_entry *,
- unsigned int *);
-extern void xtables_option_parse(struct xt_option_call *);
-extern void xtables_option_tpcall(unsigned int, char **, bool,
- struct xtables_target *, void *);
-extern void xtables_option_mpcall(unsigned int, char **, bool,
- struct xtables_match *, void *);
-extern void xtables_option_tfcall(struct xtables_target *);
-extern void xtables_option_mfcall(struct xtables_match *);
-extern void xtables_options_fcheck(const char *, unsigned int,
- const struct xt_option_entry *);
-
-extern struct xtables_lmap *xtables_lmap_init(const char *);
-extern void xtables_lmap_free(struct xtables_lmap *);
-extern int xtables_lmap_name2id(const struct xtables_lmap *, const char *);
-extern const char *xtables_lmap_id2name(const struct xtables_lmap *, int);
-
-#ifdef XTABLES_INTERNAL
-
-/* Shipped modules rely on this... */
-
-# ifndef ARRAY_SIZE
-# define ARRAY_SIZE(x) (sizeof(x) / sizeof(*(x)))
-# endif
-
-extern void _init(void);
-
-#endif
-
-#ifdef __cplusplus
-} /* extern "C" */
-#endif
-
-#endif /* _XTABLES_H */
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
