iptables: fix regression with unintended free in need_protomatch
[project/firewall3.git] / xtables-5.h
1 /*
2 * firewall3 - 3rd OpenWrt UCI firewall implementation
3 *
4 * Copyright (C) 2013 Jo-Philipp Wich <jo@mein.io>
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 #ifndef __FW3_XTABLES_5_H
20 #define __FW3_XTABLES_5_H
21
/*
 * Reset libxtables' global extension lists by pointing both
 * xtables_targets and xtables_matches at NULL.
 *
 * Nothing is freed here: whatever the two lists referenced before the call
 * is simply dropped from the globals.
 * NOTE(review): ownership of the previously listed entries is not visible
 * in this header - confirm they are static registrations or released
 * elsewhere.
 */
static inline void
fw3_xt_reset(void)
{
	xtables_targets = NULL;
	xtables_matches = NULL;
}
28
29
/*
 * Return the extension name stored in the match's entry header
 * (m->m->u.user.name).
 *
 * The returned pointer aliases storage inside m->m; it is not a copy and
 * becomes dangling once m->m is freed. Neither m nor m->m is checked for
 * NULL.
 */
static inline const char *
fw3_xt_get_match_name(struct xtables_match *m)
{
	const char *ext_name = m->m->u.user.name;

	return ext_name;
}
35
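/*
 * Copy the descriptor's name (m->name) into the match's entry header
 * (m->m->u.user.name).
 *
 * The destination is a fixed-size character array inside the entry header,
 * so the copy is bounded by the size of that array and is always
 * NUL-terminated. A name that does not fit is truncated instead of being
 * written past the end of the field; callers that must reject over-long
 * names should check the length before calling.
 *
 * Neither m nor m->m is checked for NULL.
 */
static inline void
fw3_xt_set_match_name(struct xtables_match *m)
{
	snprintf(m->m->u.user.name, sizeof(m->m->u.user.name), "%s", m->name);
}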
41
/*
 * Report whether the match extension provides a parse callback.
 *
 * Returns true when m->parse is non-NULL, false otherwise.
 */
static inline bool
fw3_xt_has_match_parse(struct xtables_match *m)
{
	return m->parse != NULL;
}
47
/*
 * Release per-match user data.
 *
 * In this header the function is a deliberate no-op: it neither reads nor
 * frees anything reachable from m.
 * NOTE(review): presumably other libxtables ABI variants carry user data
 * that must be freed here - confirm against the sibling headers.
 */
static inline void
fw3_xt_free_match_udata(struct xtables_match *m)
{
	(void)m;
}
53
/*
 * Merge the match's extra options (m->extra_opts) into the option table
 * held in g->opts via xtables_merge_options(), and store the table it
 * returns back into g->opts.
 *
 * m->option_offset is passed by address so the callee can write to it.
 * NOTE(review): the returned table is stored unchecked; whether
 * xtables_merge_options() can return NULL on failure should be confirmed
 * against the libxtables version in use.
 */
static inline void
fw3_xt_merge_match_options(struct xtables_globals *g, struct xtables_match *m)
{
	unsigned int *offset = &m->option_offset;

	g->opts = xtables_merge_options(g->opts, m->extra_opts, offset);
}
59
60
/*
 * Return the extension name stored in the target's entry header
 * (t->t->u.user.name).
 *
 * The returned pointer aliases storage inside t->t; it is not a copy and
 * becomes dangling once t->t is freed. Neither t nor t->t is checked for
 * NULL.
 */
static inline const char *
fw3_xt_get_target_name(struct xtables_target *t)
{
	const char *ext_name = t->t->u.user.name;

	return ext_name;
}
66
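/*
 * Copy the caller-supplied name into the target's entry header
 * (t->t->u.user.name).
 *
 * The destination is a fixed-size character array inside the entry header,
 * while name is an arbitrary caller-provided string. The copy is therefore
 * bounded by the size of that array and always NUL-terminated: a name that
 * does not fit is truncated instead of being written past the end of the
 * field. Callers that must reject over-long names (rather than silently
 * shorten them) should check the length before calling.
 *
 * Neither t, t->t nor name is checked for NULL.
 */
static inline void
fw3_xt_set_target_name(struct xtables_target *t, const char *name)
{
	snprintf(t->t->u.user.name, sizeof(t->t->u.user.name), "%s", name);
}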
72
/*
 * Report whether the target extension provides a parse callback.
 *
 * Returns true when t->parse is non-NULL, false otherwise.
 */
static inline bool
fw3_xt_has_target_parse(struct xtables_target *t)
{
	return t->parse != NULL;
}
78
/*
 * Release per-target user data.
 *
 * In this header the function is a deliberate no-op: it neither reads nor
 * frees anything reachable from t.
 * NOTE(review): presumably other libxtables ABI variants carry user data
 * that must be freed here - confirm against the sibling headers.
 */
static inline void
fw3_xt_free_target_udata(struct xtables_target *t)
{
	(void)t;
}
84
/*
 * Merge the target's extra options (t->extra_opts) into the option table
 * held in g->opts via xtables_merge_options(), and store the table it
 * returns back into g->opts.
 *
 * t->option_offset is passed by address so the callee can write to it.
 * NOTE(review): the returned table is stored unchecked; whether
 * xtables_merge_options() can return NULL on failure should be confirmed
 * against the libxtables version in use.
 */
static inline void
fw3_xt_merge_target_options(struct xtables_globals *g, struct xtables_target *t)
{
	unsigned int *offset = &t->option_offset;

	g->opts = xtables_merge_options(g->opts, t->extra_opts, offset);
}
90
/*
 * Print every match in the list to stdout in rule syntax.
 *
 * Emits a single leading space, then for each list node "-m <name> "
 * followed by whatever the extension's save callback prints (when the
 * extension has one). ip is handed to the save callback untouched.
 *
 * The name is always printed through a "%s" conversion, never used as a
 * format string. node->match is dereferenced without a NULL check.
 */
static inline void
fw3_xt_print_matches(void *ip, struct xtables_rule_match *matches)
{
	struct xtables_rule_match *node = matches;

	printf(" ");

	while (node != NULL)
	{
		struct xtables_match *ext = node->match;

		printf("-m %s ", fw3_xt_get_match_name(ext));

		if (ext->save != NULL)
			ext->save(ip, ext->m);

		/* advance only after the callback has run */
		node = node->next;
	}
}
108
/*
 * Print the target to stdout in rule syntax.
 *
 * Does nothing when target is NULL. Otherwise emits "-j <name> " followed
 * by whatever the extension's save callback prints (when the extension has
 * one). ip is handed to the save callback untouched.
 *
 * The name is always printed through a "%s" conversion, never used as a
 * format string.
 */
static inline void
fw3_xt_print_target(void *ip, struct xtables_target *target)
{
	if (target == NULL)
		return;

	printf("-j %s ", fw3_xt_get_target_name(target));

	if (target->save != NULL)
		target->save(ip, target->t);
}
120
121
122 /* xtables api addons */
123
/*
 * Forward one parsed option to the match extension's parse callback.
 *
 * The option code handed to the callback is c minus the match's
 * option_offset; the callback also receives argv, the invert flag, the
 * address of the match's flag word (m->mflags), fw, and the address of the
 * entry pointer (&m->m), so it may update the flags and the entry.
 * Nothing happens when the extension has no parse callback, and the
 * callback's return value is discarded.
 *
 * NOTE(review): c is unsigned, so a c below option_offset wraps rather
 * than going negative - callers are presumably expected to dispatch only
 * codes that belong to this extension; confirm at the call sites.
 */
static inline void
xtables_option_mpcall(unsigned int c, char **argv, bool invert,
                      struct xtables_match *m, void *fw)
{
	unsigned int local_code;

	if (m->parse == NULL)
		return;

	local_code = c - m->option_offset;
	m->parse(local_code, argv, invert, &m->mflags, fw, &m->m);
}
131
/*
 * Run the match extension's final_check callback, if it has one, passing
 * the flag word accumulated in m->mflags.
 */
static inline void
xtables_option_mfcall(struct xtables_match *m)
{
	if (m->final_check == NULL)
		return;

	m->final_check(m->mflags);
}
138
/*
 * Forward one parsed option to the target extension's parse callback.
 *
 * The option code handed to the callback is c minus the target's
 * option_offset; the callback also receives argv, the invert flag, the
 * address of the target's flag word (t->tflags), fw, and the address of
 * the entry pointer (&t->t), so it may update the flags and the entry.
 * Nothing happens when the extension has no parse callback, and the
 * callback's return value is discarded.
 *
 * NOTE(review): c is unsigned, so a c below option_offset wraps rather
 * than going negative - callers are presumably expected to dispatch only
 * codes that belong to this extension; confirm at the call sites.
 */
static inline void
xtables_option_tpcall(unsigned int c, char **argv, bool invert,
                      struct xtables_target *t, void *fw)
{
	unsigned int local_code;

	if (t->parse == NULL)
		return;

	local_code = c - t->option_offset;
	t->parse(local_code, argv, invert, &t->tflags, fw, &t->t);
}
146
/*
 * Run the target extension's final_check callback, if it has one, passing
 * the flag word accumulated in t->tflags.
 */
static inline void
xtables_option_tfcall(struct xtables_target *t)
{
	if (t->final_check == NULL)
		return;

	t->final_check(t->tflags);
}
153
/*
 * Tear down a rule's match list and set *matches to NULL.
 *
 * For every list node:
 *   - the match's entry buffer (match->m) is freed and the pointer cleared,
 *     so a descriptor that is reachable again later does not have the same
 *     buffer freed twice;
 *   - the match descriptor itself is freed only when its next pointer
 *     refers back to itself; every other descriptor is left allocated;
 *   - the list node is freed.
 *
 * NOTE(review): the self-referencing next pointer presumably marks a
 * heap-allocated clone while other descriptors are shared registrations -
 * confirm against the code that creates the clones, since freeing a shared
 * descriptor here would leave dangling references elsewhere.
 *
 * matches itself and each node's match pointer are dereferenced without a
 * NULL check.
 */
static inline void
xtables_rule_matches_free(struct xtables_rule_match **matches)
{
	struct xtables_rule_match *node = *matches;

	while (node != NULL)
	{
		/* read the successor before the node is released */
		struct xtables_rule_match *following = node->next;
		struct xtables_match *ext = node->match;

		if (ext->m != NULL)
		{
			free(ext->m);
			ext->m = NULL;
		}

		/* must run after the entry buffer is gone: ext may be freed here */
		if (ext->next == ext)
		{
			free(ext);
			node->match = NULL;
		}

		free(node);
		node = following;
	}

	*matches = NULL;
}
181
/*
 * Convert an IPv4 netmask to a prefix length.
 *
 * The mask is taken in network byte order (it is passed through ntohl())
 * and the result is the number of consecutive 1 bits counted from the most
 * significant bit, 0..32. Counting stops at the first 0 bit, so any 1 bits
 * after a gap in a non-contiguous mask are ignored rather than rejected.
 */
static inline int
xtables_ipmask_to_cidr(const struct in_addr *mask)
{
	uint32_t host_order = ntohl(mask->s_addr);
	int prefix = 0;

	while (host_order & 0x80000000)
	{
		prefix++;
		host_order <<= 1;
	}

	return prefix;
}
193
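/*
 * Convert an IPv6 netmask to a prefix length.
 *
 * The result is the number of consecutive 1 bits counted from the most
 * significant bit of the 128-bit mask, 0..128. Counting stops at the first
 * 0 bit, so any 1 bits after a gap in a non-contiguous mask are ignored
 * rather than rejected.
 *
 * The mask is read through the POSIX s6_addr byte array, which is already
 * in network (most-significant-first) order. This avoids the s6_addr32
 * accessor, which some C libraries only expose under extension
 * feature-test macros, and needs no byte-order conversion.
 */
static inline int
xtables_ip6mask_to_cidr(const struct in6_addr *mask)
{
	int bits = 0;
	unsigned int i;

	for (i = 0; i < sizeof(mask->s6_addr); i++)
	{
		unsigned int octet = mask->s6_addr[i];

		/* a fully set byte contributes 8 bits and the run continues */
		if (octet == 0xFF)
		{
			bits += 8;
			continue;
		}

		/* partially set byte: count its leading 1 bits, then stop */
		while (octet & 0x80)
		{
			bits++;
			octet <<= 1;
		}

		break;
	}

	return bits;
}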
220
221 #endif