 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
#include <sys/socket.h>#include <sys/types.h>#include <limits.h>#include <stdbool.h>#include <stddef.h>#include <stdint.h>#include <netinet/in.h>#include <net/if.h>#include <linux/types.h>#include <linux/netfilter.h>#include <linux/netfilter/x_tables.h>#include <xtables-version.h>
Data Structures | |
| struct | xt_option_entry |
| struct | xt_option_call |
| struct | xt_fcheck_call |
| : name of extension currently being processed : per-extension (kernel) data block : per-extension private scratch area (cf. More... | |
| struct | xtables_lmap |
| A "linear"/linked-list based name<->id map, for files similar to /etc/iproute2/. More... | |
| struct | xtables_match |
| struct | xtables_target |
| struct | xtables_rule_match |
| struct | xtables_pprot |
| struct xtables_pprot - More... | |
| struct | xtables_globals |
Macros | |
| #define | IPPROTO_SCTP 132 |
| #define | IPPROTO_DCCP 33 |
| #define | IPPROTO_MH 135 |
| #define | IPPROTO_UDPLITE 136 |
| #define | XTOPT_POINTER(stype, member) |
| #define | XTOPT_TABLEEND {.name = NULL} |
Enumerations | |
| enum | xt_option_type { XTTYPE_NONE, XTTYPE_UINT8, XTTYPE_UINT16, XTTYPE_UINT32, XTTYPE_UINT64, XTTYPE_UINT8RC, XTTYPE_UINT16RC, XTTYPE_UINT32RC, XTTYPE_UINT64RC, XTTYPE_DOUBLE, XTTYPE_STRING, XTTYPE_TOSMASK, XTTYPE_MARKMASK32, XTTYPE_SYSLOGLEVEL, XTTYPE_HOST, XTTYPE_HOSTMASK, XTTYPE_PROTOCOL, XTTYPE_PORT, XTTYPE_PORTRC, XTTYPE_PLEN, XTTYPE_PLENMASK, XTTYPE_ETHERMAC } |
| Select the format the input has to conform to, as well as the target type (area pointed to with XTOPT_POINTER). More... | |
| enum | xt_option_flags { XTOPT_INVERT = 1 << 0, XTOPT_MAND = 1 << 1, XTOPT_MULTI = 1 << 2, XTOPT_PUT = 1 << 3, XTOPT_NBO = 1 << 4 } |
| XTOPT_INVERT: option is invertible (usable with !) XTOPT_MAND: option is mandatory XTOPT_MULTI: option may be specified multiple times XTOPT_PUT: store value into memory at XTOPT_NBO: store value in network-byte order (only certain XTTYPEs recognize this) More... | |
: name of option | |
: type of input and validation method, see XTTYPE_* : unique number (within extension) for option, 0-31 : bitmask of flags that cannot be used with this option : bitmask of flags that must be used with this option : bitmask of option flags, see XTOPT_* : offset into private structure for member : size of the item pointed to by ; this is a safeguard : lowest allowed value (for singular integral types) : highest allowed value (for singular integral types) | |
| #define | XT_GETOPT_TABLEEND {.name = NULL, .has_arg = false} |
| #define | aligned_u64 u_int64_t __attribute__((aligned(8))) |
| #define | xtables_error (xt_params->exit_err) |
| #define | FMT_NUMERIC 0x0001 |
| #define | FMT_NOCOUNTS 0x0002 |
| #define | FMT_KILOMEGAGIGA 0x0004 |
| #define | FMT_OPTIONS 0x0008 |
| #define | FMT_NOTABLE 0x0010 |
| #define | FMT_NOTARGET 0x0020 |
| #define | FMT_VIA 0x0040 |
| #define | FMT_NONEWLINE 0x0080 |
| #define | FMT_LINENUMBERS 0x0100 |
| #define | FMT_PRINT_RULE |
| #define | FMT(tab, notab) ((format) & FMT_NOTABLE ? (notab) : (tab)) |
| #define | _init __attribute__((constructor)) _INIT |
| #define | LINUX_VERSION(x, y, z) (0x10000*(x) + 0x100*(y) + z) |
| #define | LINUX_VERSION_MAJOR(x) (((x)>>16) & 0xFF) |
| #define | LINUX_VERSION_MINOR(x) (((x)>> 8) & 0xFF) |
| #define | LINUX_VERSION_PATCH(x) ( (x) & 0xFF) |
| enum | xtables_ext_flags { XTABLES_EXT_ALIAS = 1 << 0 } |
| enum | xtables_tryload { XTF_DONT_LOAD, XTF_DURING_LOAD, XTF_TRY_LOAD, XTF_LOAD_MUST_SUCCEED } |
| enum | xtables_exittype { OTHER_PROBLEM = 1, PARAMETER_PROBLEM, VERSION_PROBLEM, RESOURCE_PROBLEM, XTF_ONLY_ONCE, XTF_NO_INVERT, XTF_BAD_VALUE, XTF_ONE_ACTION } |
| const char * | xtables_modprobe_program |
| struct xtables_match * | xtables_matches |
| struct xtables_target * | xtables_targets |
| struct xtables_globals * | xt_params |
| const struct xtables_pprot | xtables_chain_protos [] |
| int | kernel_version |
| void | xtables_init (void) |
| void | xtables_set_nfproto (uint8_t) |
| void * | xtables_calloc (size_t, size_t) |
| xtables_*alloc - wrappers that exit on failure More... | |
| void * | xtables_malloc (size_t) |
| void * | xtables_realloc (void *, size_t) |
| int | xtables_insmod (const char *, const char *, bool) |
| int | xtables_load_ko (const char *, bool) |
| int | xtables_set_params (struct xtables_globals *xtp) |
| xtables_set_params - set the global parameters used by xtables : input xtables_globals structure More... | |
| void | xtables_free_opts (int reset_offset) |
| struct option * | xtables_merge_options (struct option *origopts, struct option *oldopts, const struct option *newopts, unsigned int *option_offset) |
| int | xtables_init_all (struct xtables_globals *xtp, uint8_t nfproto) |
| struct xtables_match * | xtables_find_match (const char *name, enum xtables_tryload, struct xtables_rule_match **match) |
| struct xtables_target * | xtables_find_target (const char *name, enum xtables_tryload) |
| int | xtables_compatible_revision (const char *name, uint8_t revision, int opt) |
| void | xtables_rule_matches_free (struct xtables_rule_match **matches) |
| void | xtables_register_match (struct xtables_match *me) |
| void | xtables_register_matches (struct xtables_match *, unsigned int) |
| void | xtables_register_target (struct xtables_target *me) |
| void | xtables_register_targets (struct xtables_target *, unsigned int) |
| bool | xtables_strtoul (const char *, char **, uintmax_t *, uintmax_t, uintmax_t) |
| xtables_strtou{i,l} - string to number conversion : input string : like strtoul's "end" pointer : pointer for result : minimum accepted value : maximum accepted value More... | |
| bool | xtables_strtoui (const char *, char **, unsigned int *, unsigned int, unsigned int) |
| int | xtables_service_to_port (const char *name, const char *proto) |
| u_int16_t | xtables_parse_port (const char *port, const char *proto) |
| void | xtables_parse_interface (const char *arg, char *vianame, unsigned char *mask) |
| void | xtables_param_act (unsigned int, const char *,...) |
| xtables_param_act - act on condition : a constant from enum xtables_exittype More... | |
| const char * | xtables_ipaddr_to_numeric (const struct in_addr *) |
| const char * | xtables_ipaddr_to_anyname (const struct in_addr *) |
| const char * | xtables_ipmask_to_numeric (const struct in_addr *) |
| struct in_addr * | xtables_numeric_to_ipaddr (const char *) |
| struct in_addr * | xtables_numeric_to_ipmask (const char *) |
| int | xtables_ipmask_to_cidr (const struct in_addr *) |
| void | xtables_ipparse_any (const char *, struct in_addr **, struct in_addr *, unsigned int *) |
| xtables_ipparse_any - transform arbitrary name to in_addr More... | |
| void | xtables_ipparse_multiple (const char *, struct in_addr **, struct in_addr **, unsigned int *) |
| struct in6_addr * | xtables_numeric_to_ip6addr (const char *) |
| const char * | xtables_ip6addr_to_numeric (const struct in6_addr *) |
| const char * | xtables_ip6addr_to_anyname (const struct in6_addr *) |
| const char * | xtables_ip6mask_to_numeric (const struct in6_addr *) |
| int | xtables_ip6mask_to_cidr (const struct in6_addr *) |
| void | xtables_ip6parse_any (const char *, struct in6_addr **, struct in6_addr *, unsigned int *) |
| void | xtables_ip6parse_multiple (const char *, struct in6_addr **, struct in6_addr **, unsigned int *) |
| void | xtables_save_string (const char *value) |
| Print the specified value to standard output, quoting dangerous characters if required. More... | |
| void | xtables_print_num (uint64_t number, unsigned int format) |
| u_int16_t | xtables_parse_protocol (const char *s) |
| void | get_kernel_version (void) |
| void | xtables_option_metavalidate (const char *, const struct xt_option_entry *) |
| Verifies that an extension's option map descriptor is valid, and ought to be called right after the extension has been loaded, and before option merging/xfrm. More... | |
| struct option * | xtables_options_xfrm (struct option *, struct option *, const struct xt_option_entry *, unsigned int *) |
| Creates getopt options from the x6-style option map, and assigns each a getopt id. More... | |
| void | xtables_option_parse (struct xt_option_call *) |
| The master option parsing routine. More... | |
| void | xtables_option_tpcall (unsigned int, char **, bool, struct xtables_target *, void *) |
| |
| void | xtables_option_mpcall (unsigned int, char **, bool, struct xtables_match *, void *) |
| |
| void | xtables_option_tfcall (struct xtables_target *) |
| Dispatch arguments to the appropriate final_check function, based upon the extension's choice of API. More... | |
| void | xtables_option_mfcall (struct xtables_match *) |
| Dispatch arguments to the appropriate final_check function, based upon the extension's choice of API. More... | |
| void | xtables_options_fcheck (const char *, unsigned int, const struct xt_option_entry *) |
| struct xtables_lmap * | xtables_lmap_init (const char *) |
| void | xtables_lmap_free (struct xtables_lmap *) |
| int | xtables_lmap_name2id (const struct xtables_lmap *, const char *) |
| const char * | xtables_lmap_id2name (const struct xtables_lmap *, int) |
| #define _init __attribute__((constructor)) _INIT |
| #define aligned_u64 u_int64_t __attribute__((aligned(8))) |
| #define FMT | ( | tab, | |
| notab | |||
| ) | ((format) & FMT_NOTABLE ? (notab) : (tab)) |
| #define FMT_KILOMEGAGIGA 0x0004 |
| #define FMT_LINENUMBERS 0x0100 |
| #define FMT_NOCOUNTS 0x0002 |
| #define FMT_NONEWLINE 0x0080 |
| #define FMT_NOTABLE 0x0010 |
| #define FMT_NOTARGET 0x0020 |
| #define FMT_NUMERIC 0x0001 |
| #define FMT_OPTIONS 0x0008 |
| #define FMT_PRINT_RULE |
| #define FMT_VIA 0x0040 |
| #define IPPROTO_DCCP 33 |
| #define IPPROTO_MH 135 |
| #define IPPROTO_SCTP 132 |
| #define IPPROTO_UDPLITE 136 |
| #define LINUX_VERSION | ( | x, | |
| y, | |||
| z | |||
| ) | (0x10000*(x) + 0x100*(y) + z) |
Referenced by get_kernel_version().
| #define LINUX_VERSION_MAJOR | ( | x | ) | (((x)>>16) & 0xFF) |
| #define LINUX_VERSION_MINOR | ( | x | ) | (((x)>> 8) & 0xFF) |
| #define LINUX_VERSION_PATCH | ( | x | ) | ( (x) & 0xFF) |
| #define xtables_error (xt_params->exit_err) |
| #define XTOPT_POINTER | ( | stype, | |
| member | |||
| ) |
| enum xt_option_flags |
XTOPT_INVERT: option is invertible (usable with !) XTOPT_MAND: option is mandatory XTOPT_MULTI: option may be specified multiple times XTOPT_PUT: store value into memory at XTOPT_NBO: store value in network-byte order (only certain XTTYPEs recognize this)
| Enumerator | |
|---|---|
| XTOPT_INVERT | |
| XTOPT_MAND | |
| XTOPT_MULTI | |
| XTOPT_PUT | |
| XTOPT_NBO | |
| enum xt_option_type |
Select the format the input has to conform to, as well as the target type (area pointed to with XTOPT_POINTER).
Note that the storing is not always uniform. ->val will be populated with as much as there is space, i.e. exactly 2 items for ranges, but the target area can receive more values (e.g. in case of ranges), or less values (e.g. XTTYPE_HOSTMASK).
XTTYPE_NONE: option takes no argument XTTYPE_UINT*: standard integer XTTYPE_UINT*RC: colon-separated range of standard integers XTTYPE_DOUBLE: double-precision floating point number XTTYPE_STRING: arbitrary string XTTYPE_TOSMASK: 8-bit TOS value with optional mask XTTYPE_MARKMASK32: 32-bit mark with optional mask XTTYPE_SYSLOGLEVEL: syslog level by name or number XTTYPE_HOST: one host or address (ptr: union nf_inet_addr) XTTYPE_HOSTMASK: one host or address, with an optional prefix length (ptr: union nf_inet_addr; only host portion is stored) XTTYPE_PROTOCOL: protocol number/name from /etc/protocols (ptr: uint8_t) XTTYPE_PORT: 16-bit port name or number (supports XTOPT_NBO) XTTYPE_PORTRC: colon-separated port range (names acceptable), (supports XTOPT_NBO) XTTYPE_PLEN: prefix length XTTYPE_PLENMASK: prefix length (ptr: union nf_inet_addr) XTTYPE_ETHERMAC: Ethernet MAC address in hex form
| enum xtables_exittype |
| enum xtables_ext_flags |
| enum xtables_tryload |
| void get_kernel_version | ( | void | ) |
| void* xtables_calloc | ( | size_t | , |
| size_t | |||
| ) |
xtables_*alloc - wrappers that exit on failure
References NULL.
Referenced by command_default(), do_command4(), do_command6(), and do_commandarp().
| int xtables_compatible_revision | ( | const char * | name, |
| uint8_t | revision, | ||
| int | opt | ||
| ) |
References xtables_afinfo::family, xtables_afinfo::ipproto, xt_get_revision::name, xt_get_revision::revision, s, sockfd, xtables_load_ko(), and xtables_modprobe_program.
| struct xtables_match* xtables_find_match | ( | const char * | name, |
| enum | xtables_tryload, | ||
| struct xtables_rule_match ** | match | ||
| ) |
References xtables_rule_match::completed, xtables_globals::exit_err, xtables_afinfo::libprefix, xtables_match::loaded, xtables_match::m, xtables_rule_match::match, xtables_match::mflags, xtables_match::name, xtables_match::next, xtables_rule_match::next, NULL, PARAMETER_PROBLEM, xtables_match::udata, XT_EXTENSION_MAXNAMELEN, xt_params, xtables_error, xtables_malloc(), XTF_DONT_LOAD, XTF_DURING_LOAD, and XTF_LOAD_MUST_SUCCEED.
Referenced by do_command4(), do_command6(), and do_commandx().
| struct xtables_target* xtables_find_target | ( | const char * | name, |
| enum | xtables_tryload | ||
| ) |
References xtables_globals::exit_err, xtables_afinfo::libprefix, xtables_target::loaded, xtables_target::name, xtables_target::next, NULL, PARAMETER_PROBLEM, xtables_target::used, xt_params, XTC_LABEL_ACCEPT, XTC_LABEL_DROP, XTC_LABEL_QUEUE, XTC_LABEL_RETURN, XTF_DONT_LOAD, XTF_DURING_LOAD, and XTF_LOAD_MUST_SUCCEED.
Referenced by do_command4(), do_command6(), do_commandarp(), do_commandx(), nft_parse_target(), nft_rule_to_arptables_command_state(), nft_rule_to_iptables_command_state(), print_rule4(), and print_rule6().
| void xtables_free_opts | ( | int | reset_offset | ) |
References NULL, xtables_globals::opts, xtables_globals::orig_opts, and xt_params.
Referenced by do_command4(), do_command6(), do_commandx(), get_kernel_version(), ip6tables_exit_error(), iptables_exit_error(), xtables_exit_error(), xtables_merge_options(), and xtables_options_xfrm().
| void xtables_init | ( | void | ) |
References NULL.
Referenced by xtables_arp_main(), and xtables_init_all().
| int xtables_init_all | ( | struct xtables_globals * | xtp, |
| uint8_t | nfproto | ||
| ) |
References xtables_init(), xtables_set_nfproto(), and xtables_set_params().
Referenced by ip6tables_main(), ip6tables_restore_main(), ip6tables_save_main(), iptables_main(), iptables_restore_main(), iptables_save_main(), and xtables_events_main().
| int xtables_insmod | ( | const char * | , |
| const char * | , | ||
| bool | |||
| ) |
| const char* xtables_ip6addr_to_anyname | ( | const struct in6_addr * | ) |
| const char* xtables_ip6addr_to_numeric | ( | const struct in6_addr * | ) |
Referenced by xtables_ip6addr_to_anyname(), and xtables_ip6mask_to_numeric().
| int xtables_ip6mask_to_cidr | ( | const struct in6_addr * | ) |
| const char* xtables_ip6mask_to_numeric | ( | const struct in6_addr * | ) |
References buf, xtables_ip6addr_to_numeric(), and xtables_ip6mask_to_cidr().
| void xtables_ip6parse_multiple | ( | const char * | , |
| struct in6_addr ** | , | ||
| struct in6_addr ** | , | ||
| unsigned int * | |||
| ) |
References xtables_globals::exit_err, len, name, NULL, PARAMETER_PROBLEM, xt_params, xtables_malloc(), and xtables_realloc().
Referenced by do_command6().
| const char* xtables_ipaddr_to_anyname | ( | const struct in_addr * | ) |
| const char* xtables_ipaddr_to_numeric | ( | const struct in_addr * | ) |
References buf.
Referenced by xtables_ipaddr_to_anyname(), and xtables_ipmask_to_numeric().
| int xtables_ipmask_to_cidr | ( | const struct in_addr * | ) |
| const char* xtables_ipmask_to_numeric | ( | const struct in_addr * | ) |
References buf, xtables_ipaddr_to_numeric(), and xtables_ipmask_to_cidr().
| void xtables_ipparse_multiple | ( | const char * | , |
| struct in_addr ** | , | ||
| struct in_addr ** | , | ||
| unsigned int * | |||
| ) |
References xtables_globals::exit_err, len, name, NULL, PARAMETER_PROBLEM, xt_params, xtables_malloc(), and xtables_realloc().
Referenced by do_command4().
| void xtables_lmap_free | ( | struct xtables_lmap * | ) |
References xtables_lmap::name, xtables_lmap::next, and NULL.
Referenced by xtables_lmap_init().
| const char* xtables_lmap_id2name | ( | const struct xtables_lmap * | , |
| int | |||
| ) |
References xtables_lmap::id, xtables_lmap::name, xtables_lmap::next, and NULL.
| struct xtables_lmap* xtables_lmap_init | ( | const char * | ) |
| int xtables_lmap_name2id | ( | const struct xtables_lmap * | , |
| const char * | |||
| ) |
References xtables_lmap::id, xtables_lmap::name, xtables_lmap::next, and NULL.
| int xtables_load_ko | ( | const char * | , |
| bool | |||
| ) |
References xtables_afinfo::kmod, xtables_afinfo::proc_exists, and xtables_insmod().
Referenced by do_command4(), do_command6(), and xtables_compatible_revision().
| void* xtables_malloc | ( | size_t | ) |
References NULL.
Referenced by for_each_chain4(), for_each_chain6(), xtables_find_match(), xtables_ip6parse_multiple(), and xtables_ipparse_multiple().
| struct option* xtables_merge_options | ( | struct option * | origopts, |
| struct option * | oldopts, | ||
| const struct option * | newopts, | ||
| unsigned int * | option_offset | ||
| ) |
References NULL, xtables_globals::option_offset, XT_OPTION_OFFSET_SCALE, xt_params, and xtables_free_opts().
Referenced by command_default().
| struct in_addr* xtables_numeric_to_ipaddr | ( | const char * | ) |
| struct in_addr* xtables_numeric_to_ipmask | ( | const char * | ) |
| void xtables_option_metavalidate | ( | const char * | , |
| const struct xt_option_entry * | |||
| ) |
Verifies that an extension's option map descriptor is valid, and ought to be called right after the extension has been loaded, and before option merging/xfrm.
References ARRAY_SIZE, xtables_globals::exit_err, xt_option_entry::flags, xt_option_entry::id, xt_option_entry::name, NULL, OTHER_PROBLEM, xt_option_entry::ptroff, xt_option_entry::size, xt_option_entry::type, XT_OPTION_OFFSET_SCALE, xt_params, and XTOPT_PUT.
Referenced by xtables_register_match(), and xtables_register_target().
| void xtables_option_mfcall | ( | struct xtables_match * | ) |
Dispatch arguments to the appropriate final_check function, based upon the extension's choice of API.
References xt_entry_match::data, xt_fcheck_call::data, xt_fcheck_call::ext_name, xtables_match::final_check, xtables_match::m, xtables_match::mflags, xtables_match::name, NULL, xt_fcheck_call::udata, xtables_match::udata, xtables_match::x6_fcheck, xtables_match::x6_options, xt_fcheck_call::xflags, and xtables_options_fcheck().
Referenced by do_command4(), do_command6(), and do_commandx().
| void xtables_option_mpcall | ( | unsigned int | c, |
| char ** | argv, | ||
| bool | invert, | ||
| struct xtables_match * | m, | ||
| void * | fw | ||
| ) |
: getopt id (i.e.
with offset) : struct ipt_entry or ip6t_entry
Dispatch arguments to the appropriate parse function, based upon the extension's choice of API.
References xt_option_call::arg, xt_entry_match::data, xt_option_call::data, xt_option_call::entry, xt_option_call::ext_name, xt_option_call::invert, xtables_match::m, xt_option_call::match, xtables_match::mflags, xtables_match::name, NULL, xtables_match::option_offset, OTHER_PROBLEM, xtables_match::parse, xt_option_call::udata, xtables_match::udata, xtables_match::x6_options, xtables_match::x6_parse, xt_option_call::xflags, xt_option_call::xt_entry, and xtables_error.
Referenced by command_default().
| void xtables_option_parse | ( | struct xt_option_call * | cb | ) |
The master option parsing routine.
May be used for the ".x6_parse" function pointer in extensions if fully automatic parsing is desired. It may be also called manually from a custom x6_parse function.
References ARRAY_SIZE, xt_option_call::entry, xt_option_entry::excl, xtables_globals::exit_err, xt_option_call::ext_name, xt_option_entry::flags, xt_option_entry::id, xt_option_call::invert, xt_option_entry::name, NULL, xt_option_call::nvals, PARAMETER_PROBLEM, xt_option_entry::type, xt_option_call::xflags, xt_params, XTOPT_INVERT, XTOPT_MULTI, and XTTYPE_NONE.
| void xtables_option_tfcall | ( | struct xtables_target * | ) |
Dispatch arguments to the appropriate final_check function, based upon the extension's choice of API.
References xt_entry_target::data, xt_fcheck_call::data, xt_fcheck_call::ext_name, xtables_target::final_check, xtables_target::name, NULL, xtables_target::t, xtables_target::tflags, xt_fcheck_call::udata, xtables_target::udata, xtables_target::x6_fcheck, xtables_target::x6_options, xt_fcheck_call::xflags, and xtables_options_fcheck().
Referenced by do_command4(), do_command6(), do_commandarp(), and do_commandx().
| void xtables_option_tpcall | ( | unsigned int | c, |
| char ** | argv, | ||
| bool | invert, | ||
| struct xtables_target * | t, | ||
| void * | fw | ||
| ) |
: getopt id (i.e.
with offset) : struct ipt_entry or ip6t_entry
Dispatch arguments to the appropriate parse function, based upon the extension's choice of API.
References xt_option_call::arg, xt_entry_target::data, xt_option_call::data, xt_option_call::entry, xt_option_call::ext_name, xt_option_call::invert, xtables_target::name, NULL, xtables_target::option_offset, OTHER_PROBLEM, xtables_target::parse, xtables_target::t, xt_option_call::target, xtables_target::tflags, xt_option_call::udata, xtables_target::udata, xtables_target::x6_options, xtables_target::x6_parse, xt_option_call::xflags, xt_option_call::xt_entry, and xtables_error.
Referenced by command_default(), and do_commandarp().
| void xtables_options_fcheck | ( | const char * | , |
| unsigned | int, | ||
| const struct xt_option_entry * | |||
| ) |
References xtables_globals::exit_err, xt_option_entry::flags, xt_option_entry::id, xt_option_entry::name, NULL, PARAMETER_PROBLEM, xt_params, and XTOPT_MAND.
Referenced by xtables_option_mfcall(), and xtables_option_tfcall().
| struct option* xtables_options_xfrm | ( | struct option * | , |
| struct option * | , | ||
| const struct xt_option_entry * | , | ||
| unsigned int * | |||
| ) |
Creates getopt options from the x6-style option map, and assigns each a getopt id.
References xt_option_entry::id, xt_option_entry::name, NULL, xtables_globals::option_offset, xt_option_entry::type, XT_OPTION_OFFSET_SCALE, xt_params, xtables_free_opts(), and XTTYPE_NONE.
Referenced by command_default().
| void xtables_param_act | ( | unsigned int | status, |
| const char * | p1, | ||
| ... | |||
| ) |
xtables_param_act - act on condition : a constant from enum xtables_exittype
XTF_ONLY_ONCE: print error message that option may only be used once. : module name (e.g. "mark") (...): option in conflict (e.g. "--mark") (...): condition to match on (see extensions/ for examples)
XTF_NO_INVERT: option does not support inversion : module name : option in conflict : condition to match on
XTF_BAD_VALUE: bad value for option : module name : option with which the problem occured (e.g. "--mark") : string the user passed in (e.g. "99999999999999")
XTF_ONE_ACTION: two mutually exclusive actions have been specified : module name
Displays an error message and exits the program.
References xtables_globals::exit_err, PARAMETER_PROBLEM, xt_params, XTF_BAD_VALUE, XTF_NO_INVERT, XTF_ONE_ACTION, and XTF_ONLY_ONCE.
| void xtables_parse_interface | ( | const char * | arg, |
| char * | vianame, | ||
| unsigned char * | mask | ||
| ) |
References xtables_globals::exit_err, IFNAMSIZ, PARAMETER_PROBLEM, and xt_params.
Referenced by do_command4(), do_command6(), and do_commandx().
| u_int16_t xtables_parse_port | ( | const char * | port, |
| const char * | proto | ||
| ) |
References xtables_globals::exit_err, NULL, PARAMETER_PROBLEM, xt_params, xtables_service_to_port(), and xtables_strtoui().
| u_int16_t xtables_parse_protocol | ( | const char * | s | ) |
References ARRAY_SIZE, xtables_globals::exit_err, NULL, PARAMETER_PROBLEM, xt_params, and xtables_strtoui().
Referenced by do_command4(), do_command6(), and do_commandx().
| void xtables_print_num | ( | uint64_t | number, |
| unsigned int | format | ||
| ) |
References FMT, and FMT_KILOMEGAGIGA.
Referenced by print_firewall_details(), and print_header().
| void* xtables_realloc | ( | void * | , |
| size_t | |||
| ) |
References NULL.
Referenced by xtables_ip6parse_multiple(), and xtables_ipparse_multiple().
| void xtables_register_match | ( | struct xtables_match * | me | ) |
References xtables_match::extra_opts, xtables_afinfo::family, xtables_match::family, xtables_match::name, xtables_match::next, NPROTO, NULL, xtables_globals::program_name, xtables_match::revision, xtables_match::version, xtables_match::x6_options, XT_EXTENSION_MAXNAMELEN, xt_params, xtables_option_metavalidate(), and xtables_pending_matches.
Referenced by _init(), and xtables_register_matches().
| void xtables_register_matches | ( | struct xtables_match * | , |
| unsigned | int | ||
| ) |
References xtables_register_match().
Referenced by _init().
| void xtables_register_target | ( | struct xtables_target * | me | ) |
References xtables_target::extra_opts, xtables_afinfo::family, xtables_target::family, xtables_target::name, xtables_target::next, NPROTO, NULL, xtables_globals::program_name, xtables_target::revision, xtables_target::version, xtables_target::x6_options, XT_EXTENSION_MAXNAMELEN, xt_params, xtables_option_metavalidate(), and xtables_pending_targets.
Referenced by _init(), and xtables_register_targets().
| void xtables_register_targets | ( | struct xtables_target * | , |
| unsigned | int | ||
| ) |
References xtables_register_target().
Referenced by _init().
| void xtables_rule_matches_free | ( | struct xtables_rule_match ** | matches | ) |
References xtables_match::m, xtables_rule_match::match, xtables_match::next, xtables_rule_match::next, and NULL.
Referenced by do_command4(), do_command6(), and do_commandx().
| void xtables_save_string | ( | const char * | value | ) |
Print the specified value to standard output, quoting dangerous characters if required.
References NULL.
| int xtables_service_to_port | ( | const char * | name, |
| const char * | proto | ||
| ) |
| void xtables_set_nfproto | ( | uint8_t | ) |
References NFPROTO_IPV4, and NFPROTO_IPV6.
Referenced by do_commandx(), and xtables_init_all().
| int xtables_set_params | ( | struct xtables_globals * | xtp | ) |
xtables_set_params - set the global parameters used by xtables : input xtables_globals structure
The app is expected to pass a valid xtables_globals data-filled with proper values cannot be NULL
Returns -1 on failure to set and 0 on success
References basic_exit_err(), xtables_globals::exit_err, and xt_params.
Referenced by iptables_xml_main(), xtables_arp_main(), and xtables_init_all().
References NULL, and xtables_strtoul().
Referenced by xtables_parse_port(), and xtables_parse_protocol().
| bool xtables_strtoul | ( | const char * | s, |
| char ** | end, | ||
| uintmax_t * | value, | ||
| uintmax_t | min, | ||
| uintmax_t | max | ||
| ) |
xtables_strtou{i,l} - string to number conversion : input string : like strtoul's "end" pointer : pointer for result : minimum accepted value : maximum accepted value
If is NULL, we assume the caller wants a "strict strtoul", and hence "15a" is rejected. In either case, the value obtained is compared for min-max compliance. Base is always 0, i.e. autodetect depending on .
Returns true/false whether number was accepted. On failure, *value has undefined contents.
References NULL.
Referenced by xtables_strtoui().
| int kernel_version |
| struct xtables_globals* xt_params |
Referenced by basic_exit_err(), do_command4(), do_command6(), do_commandx(), ip6tables_restore_main(), iptables_restore_main(), xtables_find_match(), xtables_find_target(), xtables_free_opts(), xtables_ip6parse_multiple(), xtables_ipparse_multiple(), xtables_merge_options(), xtables_option_metavalidate(), xtables_option_parse(), xtables_options_fcheck(), xtables_options_xfrm(), xtables_param_act(), xtables_parse_interface(), xtables_parse_port(), xtables_parse_protocol(), xtables_register_match(), xtables_register_target(), and xtables_set_params().
| const struct xtables_pprot xtables_chain_protos[] |
Referenced by proto_to_name().
| struct xtables_match* xtables_matches |
Referenced by do_command4(), do_command6(), and do_commandx().
| const char* xtables_modprobe_program |
| struct xtables_target* xtables_targets |
Referenced by do_command4(), do_command6(), do_commandarp(), and do_commandx().
1.8.8 
