2 * firewall3 - 3rd OpenWrt UCI firewall implementation
4 * Copyright (C) 2013 Jo-Philipp Wich <jow@openwrt.org>
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #ifndef __FW3_XTABLES_5_H
20 #define __FW3_XTABLES_5_H
25 xtables_matches
= NULL
;
26 xtables_targets
= NULL
;
/**
 * Look up the name recorded in the entry attached to a match.
 *
 * @param m  match to inspect; m and m->m are dereferenced unconditionally,
 *           so both must be valid
 * @return   m->m->u.user.name, returned as-is (no copy is made)
 */
static inline const char *
fw3_xt_get_match_name(struct xtables_match *m)
{
	const char *entry_name = m->m->u.user.name;

	return entry_name;
}
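/**
 * Copy the match's own name (m->name) into the name field of its entry
 * (m->m->u.user.name).
 *
 * The copy is bounded by the size of the destination field: an over-long
 * name is truncated and NUL-terminated instead of being written past the
 * end of the field, which is what an unbounded strcpy() would do.
 *
 * @param m  match to update; m, m->m and m->name are dereferenced
 *           unconditionally, so all three must be valid
 */
static inline void
fw3_xt_set_match_name(struct xtables_match *m)
{
	/* sizeof gives the field capacity only because u.user.name is a
	 * fixed-size char array embedded in the entry, not a pointer. */
	snprintf(m->m->u.user.name, sizeof(m->m->u.user.name), "%s", m->name);
}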
43 fw3_xt_has_match_parse(struct xtables_match
*m
)
49 fw3_xt_free_match_udata(struct xtables_match
*m
)
/**
 * Fold a match's extra options into the option table held by the globals.
 *
 * @param g  globals whose opts pointer is read and then overwritten
 * @param m  match supplying extra_opts; its option_offset is passed by
 *           address to xtables_merge_options()
 *
 * NOTE(review): whatever xtables_merge_options() returns is stored straight
 * into g->opts and this function cannot report a failure; confirm how
 * callers detect a NULL result.
 */
static inline void
fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
{
	g->opts = xtables_merge_options(g->opts,
	                                m->extra_opts,
	                                &m->option_offset);
}
/**
 * Look up the name recorded in the entry attached to a target.
 *
 * @param t  target to inspect; t and t->t are dereferenced unconditionally,
 *           so both must be valid
 * @return   t->t->u.user.name, returned as-is (no copy is made)
 */
static inline const char *
fw3_xt_get_target_name(struct xtables_target *t)
{
	const char *entry_name = t->t->u.user.name;

	return entry_name;
}
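/**
 * Copy a caller-supplied name into the name field of a target's entry
 * (t->t->u.user.name).
 *
 * The copy is bounded by the size of the destination field: an over-long
 * name is truncated and NUL-terminated instead of being written past the
 * end of the field, which is what an unbounded strcpy() would do.
 *
 * NOTE(review): truncation changes which name the entry carries. Callers
 * that take the name from configuration should reject over-long values
 * before calling this helper rather than rely on the truncation.
 *
 * @param t     target to update; t and t->t are dereferenced
 *              unconditionally, so both must be valid
 * @param name  NUL-terminated name to store; must not be NULL
 */
static inline void
fw3_xt_set_target_name(struct xtables_target *t, const char *name)
{
	/* sizeof gives the field capacity only because u.user.name is a
	 * fixed-size char array embedded in the entry, not a pointer. */
	snprintf(t->t->u.user.name, sizeof(t->t->u.user.name), "%s", name);
}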
74 fw3_xt_has_target_parse(struct xtables_target
*t
)
80 fw3_xt_free_target_udata(struct xtables_target
*t
)
/**
 * Fold a target's extra options into the option table held by the globals.
 *
 * @param g  globals whose opts pointer is read and then overwritten
 * @param t  target supplying extra_opts; its option_offset is passed by
 *           address to xtables_merge_options()
 *
 * NOTE(review): whatever xtables_merge_options() returns is stored straight
 * into g->opts and this function cannot report a failure; confirm how
 * callers detect a NULL result.
 */
static inline void
fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
{
	g->opts = xtables_merge_options(g->opts,
	                                t->extra_opts,
	                                &t->option_offset);
}
92 fw3_xt_print_matches(void *ip
, struct xtables_rule_match
*matches
)
94 struct xtables_rule_match
*rm
;
95 struct xtables_match
*m
;
99 for (rm
= matches
; rm
; rm
= rm
->next
)
102 printf("-m %s ", fw3_xt_get_match_name(m
));
110 fw3_xt_print_target(void *ip
, struct xtables_target
*target
)
114 printf("-j %s ", fw3_xt_get_target_name(target
));
117 target
->save(ip
, target
->t
);
122 /* xtables api addons */
125 xtables_option_mpcall(unsigned int c
, char **argv
, bool invert
,
126 struct xtables_match
*m
, void *fw
)
129 m
->parse(c
- m
->option_offset
, argv
, invert
, &m
->mflags
, fw
, &m
->m
);
133 xtables_option_mfcall(struct xtables_match
*m
)
136 m
->final_check(m
->mflags
);
140 xtables_option_tpcall(unsigned int c
, char **argv
, bool invert
,
141 struct xtables_target
*t
, void *fw
)
144 t
->parse(c
- t
->option_offset
, argv
, invert
, &t
->tflags
, fw
, &t
->t
);
148 xtables_option_tfcall(struct xtables_target
*t
)
151 t
->final_check(t
->tflags
);
155 xtables_rule_matches_free(struct xtables_rule_match
**matches
)
157 struct xtables_rule_match
*mp
, *tmp
;
159 for (mp
= *matches
; mp
;)
169 if (mp
->match
== mp
->match
->next
)
183 xtables_ipmask_to_cidr(const struct in_addr
*mask
)
188 for (m
= ntohl(mask
->s_addr
), bits
= 0; m
& 0x80000000; m
<<= 1)
195 xtables_ip6mask_to_cidr(const struct in6_addr
*mask
)
200 a
= ntohl(mask
->s6_addr32
[0]);
201 b
= ntohl(mask
->s6_addr32
[1]);
202 c
= ntohl(mask
->s6_addr32
[2]);
203 d
= ntohl(mask
->s6_addr32
[3]);
205 while (a
& 0x80000000U
)