c72edb0637
Signed-off-by: Zhe Weng <wengzhe@xiaomi.com>
156 lines
5.1 KiB
C
156 lines
5.1 KiB
C
/****************************************************************************
|
|
* net/netfilter/iptables.h
|
|
*
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed with
|
|
* this work for additional information regarding copyright ownership. The
|
|
* ASF licenses this file to you under the Apache License, Version 2.0 (the
|
|
* "License"); you may not use this file except in compliance with the
|
|
* License. You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
* License for the specific language governing permissions and limitations
|
|
* under the License.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifndef __NET_NETFILTER_IPTABLES_H
|
|
#define __NET_NETFILTER_IPTABLES_H
|
|
|
|
/****************************************************************************
|
|
* Included Files
|
|
****************************************************************************/
|
|
|
|
#include <nuttx/config.h>
|
|
|
|
#include <nuttx/net/net.h>
|
|
#include <nuttx/net/netfilter/ip_tables.h>
|
|
#include <nuttx/net/netfilter/ip6_tables.h>
|
|
|
|
#ifdef CONFIG_NET_IPTABLES
|
|
|
|
/****************************************************************************
|
|
* Public Function Prototypes
|
|
****************************************************************************/
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_setsockopt
|
|
*
|
|
* Description:
|
|
* setsockopt function of iptables.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_IPv4
|
|
int ipt_setsockopt(FAR struct socket *psock, int option,
|
|
FAR const void *value, socklen_t value_len);
|
|
#endif
|
|
#ifdef CONFIG_NET_IPv6
|
|
int ip6t_setsockopt(FAR struct socket *psock, int option,
|
|
FAR const void *value, socklen_t value_len);
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_getsockopt
|
|
*
|
|
* Description:
|
|
* getsockopt function of iptables.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_IPv4
|
|
int ipt_getsockopt(FAR struct socket *psock, int option,
|
|
FAR void *value, FAR socklen_t *value_len);
|
|
#endif
|
|
#ifdef CONFIG_NET_IPv6
|
|
int ip6t_getsockopt(FAR struct socket *psock, int option,
|
|
FAR void *value, FAR socklen_t *value_len);
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_alloc_table
|
|
*
|
|
* Description:
|
|
* Allocate an initial table info with valid_hooks specified.
|
|
* Will generate a default entry with standard target for each valid hook,
|
|
* and an entry with error target at the end of entry table.
|
|
*
|
|
* Input Parameters:
|
|
* table - The name of the table.
|
|
* valid_hooks - The valid_hooks of the table, it's a bitmap of hooks.
|
|
*
|
|
* Returned Value:
|
|
* Newly generated ipt_replace structure.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_IPv4
|
|
FAR struct ipt_replace *ipt_alloc_table(FAR const char *table,
|
|
unsigned int valid_hooks);
|
|
#endif
|
|
#ifdef CONFIG_NET_IPv6
|
|
FAR struct ip6t_replace *ip6t_alloc_table(FAR const char *table,
|
|
unsigned int valid_hooks);
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_nat_init
|
|
*
|
|
* Description:
|
|
* Init NAT table data.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_NAT
|
|
FAR struct ipt_replace *ipt_nat_init(void);
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_nat_apply
|
|
*
|
|
* Description:
|
|
* Try to apply NAT rules, will do nothing if failed.
|
|
*
|
|
* Input Parameters:
|
|
* repl - The config got from user space to control NAT table.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_NAT
|
|
int ipt_nat_apply(FAR const struct ipt_replace *repl);
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_filter_init
|
|
*
|
|
* Description:
|
|
* Init filter table data.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_IPFILTER
|
|
FAR struct ipt_replace *ipt_filter_init(void);
|
|
#endif
|
|
|
|
/****************************************************************************
|
|
* Name: ipt_filter_apply
|
|
*
|
|
* Description:
|
|
* Try to apply filter rules, will do nothing if failed.
|
|
*
|
|
* Input Parameters:
|
|
* repl - The config got from user space to control filter table.
|
|
*
|
|
****************************************************************************/
|
|
|
|
#ifdef CONFIG_NET_IPFILTER
|
|
int ipt_filter_apply(FAR const struct ipt_replace *repl);
|
|
#endif
|
|
|
|
#endif /* CONFIG_NET_IPTABLES */
|
|
#endif /* __NET_NETFILTER_IPTABLES_H */
|