Diffstat (limited to 'iptables/xshared.h')
-rw-r--r-- | iptables/xshared.h | 67 |
1 files changed, 19 insertions, 48 deletions
diff --git a/iptables/xshared.h b/iptables/xshared.h
index 14568bb0..a200e0d6 100644
--- a/iptables/xshared.h
+++ b/iptables/xshared.h
@@ -12,8 +12,15 @@
 #ifdef DEBUG
 #define DEBUGP(x, args...) fprintf(stderr, x, ## args)
+#define DEBUG_HEXDUMP(pfx, data, len) \
+ for (int __i = 0; __i < (len); __i++) { \
+ if (__i % 16 == 0) \
+ printf("%s%s: ", __i ? "\n" : "", (pfx)); \
+ printf("%02x ", ((const unsigned char *)data)[__i]); \
+ } printf("\n")
 #else
 #define DEBUGP(x, args...)
+#define DEBUG_HEXDUMP(pfx, data, len)
 #endif
 enum {
@@ -37,12 +44,13 @@ enum {
 OPT_OPCODE = 1 << 15,
 OPT_H_TYPE = 1 << 16,
 OPT_P_TYPE = 1 << 17,
+ /* below are for ebtables only */
+ OPT_LOGICALIN = 1 << 18,
+ OPT_LOGICALOUT = 1 << 19,
+ OPT_COMMAND = 1 << 20,
+ OPT_ZERO = 1 << 21,
 };
-#define NUMBER_OF_OPT ARRAY_SIZE(optflags)
-static const char optflags[]
-= { 'n', 's', 'd', 'p', 'j', 'v', 'x', 'i', 'o', '0', 'c', 'f', 2, 3, 'l', 4, 5, 6 };
-
 enum {
 CMD_NONE = 0,
 CMD_INSERT = 1 << 0,
@@ -69,7 +77,7 @@ struct xtables_target;
 #define OPTSTRING_COMMON "-:A:C:D:E:F::I:L::M:N:P:VX::Z::" "c:d:i:j:o:p:s:t:"
 #define IPT_OPTSTRING OPTSTRING_COMMON "R:S::W::" "46bfg:h::m:nvw::x"
-#define ARPT_OPTSTRING OPTSTRING_COMMON "R:S::" "h::l:nv" /* "m:" */
+#define ARPT_OPTSTRING OPTSTRING_COMMON "R:S::" "h::l:nvx" /* "m:" */
 #define EBT_OPTSTRING OPTSTRING_COMMON "hv"
 /* define invflags which won't collide with IPT ones */
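Review bot: DEBUG_HEXDUMP in the `#ifdef DEBUG` branch of the first hunk expands to a bare `for` loop followed by a separate `printf("\n")`, so under an unbraced `if` only the loop is conditional and the trailing newline always prints. The `data` argument is cast without parentheses, so for an argument like `ptr + off` on a non-byte pointer the cast binds first and the dump reads different bytes than the caller meant. The dump also goes to stdout while DEBUGP just above writes to stderr, which in a DEBUG build can mix hex bytes into output that other tools parse, and `__i` sits in the implementation-reserved namespace. I would wrap the body in `do { ... } while (0)`, bind `(data)` once to a local byte pointer and print with `fprintf(stderr, ...)`, as below.

```c
#define DEBUG_HEXDUMP(pfx, data, len)					\
	do {								\
		const unsigned char *dbg_buf_ =				\
			(const unsigned char *)(data);			\
		for (int dbg_i_ = 0; dbg_i_ < (len); dbg_i_++) {	\
			if (dbg_i_ % 16 == 0)				\
				fprintf(stderr, "%s%s: ",		\
					dbg_i_ ? "\n" : "", (pfx));	\
			fprintf(stderr, "%02x ", dbg_buf_[dbg_i_]);	\
		}							\
		fprintf(stderr, "\n");					\
	} while (0)
/* … unchanged: #else branch with the empty DEBUGP / DEBUG_HEXDUMP stubs … */
```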
@@ -79,30 +87,6 @@ struct xtables_target;
 #define IPT_INV_ARPOP 0x0400
 #define IPT_INV_ARPHRD 0x0800
-void
-set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
- bool invert);
-
-/**
- * xtables_afinfo - protocol family dependent information
- * @kmod: kernel module basename (e.g. "ip_tables")
- * @proc_exists: file which exists in procfs when module already loaded
- * @libprefix: prefix of .so library name (e.g. "libipt_")
- * @family: nfproto family
- * @ipproto: used by setsockopt (e.g. IPPROTO_IP)
- * @so_rev_match: optname to check revision support of match
- * @so_rev_target: optname to check revision support of target
- */
-struct xtables_afinfo {
- const char *kmod;
- const char *proc_exists;
- const char *libprefix;
- uint8_t family;
- uint8_t ipproto;
- int so_rev_match;
- int so_rev_target;
-};
-
 /* trick for ebtables-compat, since watchers are targets */
 struct ebt_match {
 struct ebt_match *next;
@@ -153,6 +137,8 @@ struct iptables_command_state {
 bool restore;
 };
+void xtables_clear_iptables_command_state(struct iptables_command_state *cs);
+
 typedef int (*mainfunc_t)(int, char **);
 struct subcommand {
@@ -160,14 +146,6 @@ struct subcommand {
 mainfunc_t main;
 };
-enum {
- XT_OPTION_OFFSET_SCALE = 256,
-};
-
-extern void print_extension_helps(const struct xtables_target *,
- const struct xtables_rule_match *);
-extern int command_default(struct iptables_command_state *,
- struct xtables_globals *, bool invert);
 extern int subcmd_main(int, char **, const struct subcommand *);
 extern void xs_init_target(struct xtables_target *);
 extern void xs_init_match(struct xtables_match *);
@@ -199,8 +177,6 @@ int parse_counters(const char *string, struct xt_counters *ctr);
 bool tokenize_rule_counters(char **bufferp, char **pcnt, char **bcnt, int line);
 bool xs_has_arg(int argc, char *argv[]);
-extern const struct xtables_afinfo *afinfo;
-
 #define MAX_ARGC 255
 struct argv_store {
 int argc;
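Review bot: The new prototype `xtables_clear_iptables_command_state()` in the `@@ -153,6 +137,8 @@` hunk has no comment saying what it releases, so a caller cannot tell from the header whether `cs` may be reused afterwards or cleared a second time without a double free. A short contract above the declaration would settle that, for example `/* Frees everything cs owns and resets it; safe to call again on the same cs. */`, provided that is what the implementation guarantees. The implementation is not visible in this diff, so the wording needs checking against it.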
@@ -239,19 +215,10 @@ void save_iface(char letter, const char *iface, void print_fragment(unsigned int flags, unsigned int invflags, unsigned int format, bool fake); -void command_match(struct iptables_command_state *cs, bool invert); -const char *xt_parse_target(const char *targetname); void command_jump(struct iptables_command_state *cs, const char *jumpto); -char cmd2char(int option); -void add_command(unsigned int *cmd, const int newcmd, - const int othercmds, int invert); -int parse_rulenumber(const char *rule); void assert_valid_chain_name(const char *chainname); -void generic_opt_check(int command, int options); -char opt2char(int option); - void print_rule_details(unsigned int linenum, const struct xt_counters *ctrs, const char *targname, uint8_t proto, uint8_t flags, uint8_t invflags, unsigned int format); @@ -335,4 +302,8 @@ void ipv6_post_parse(int command, struct iptables_command_state *cs, extern char *arp_opcodes[]; #define ARP_NUMOPCODES 9 +unsigned char *make_delete_mask(const struct xtables_rule_match *matches, + const struct xtables_target *target, + size_t entry_size); + #endif /* IPTABLES_XSHARED_H */ |
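Review bot: `make_delete_mask()` in the last hunk returns a raw `unsigned char *`, and nothing in the header says who frees it, whether it can be NULL, or how long the buffer is relative to `entry_size`. Callers that compare rule blobs against the mask need that length to avoid reading past the end of it. The declaration deserves a comment such as `/* Returns a heap-allocated mask the caller must free(); its length is entry_size plus the sizes of all matches and the target. */`, adjusted to what the implementation actually allocates, which this header does not show.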