[platform/core/connectivity/stc-iptables.git] / src / helper / helper-iptables.h

/*
 *  Copyright (c) 2016 Samsung Electronics Co., Ltd.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License version 2 as
 *  published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

/*
 * Manage iptables rule using libiptc
 */
#ifndef __STC_HELPER_IPTABLES_H__
#define __STC_HELPER_IPTABLES_H__

#include <libiptc/libiptc.h>

#define RULE_SIZE     64

typedef enum {
        IPTABLES_CHAIN_INPUT,
        IPTABLES_CHAIN_OUTPUT
} iptables_chain_e;

typedef enum {
        IPTABLES_DIRECTION_NONE,
        IPTABLES_DIRECTION_IN,
        IPTABLES_DIRECTION_OUT
} iptables_direction_e;

typedef enum {
        IPTABLES_IP_NONE,
        IPTABLES_IP_SINGLE,
        IPTABLES_IP_MASK,
        IPTABLES_IP_RANGE
} iptables_ip_type_e;

typedef enum {
        IPTABLES_PORT_NONE,
        IPTABLES_PORT_SINGLE,
        IPTABLES_PORT_RANGE
} iptables_port_type_e;

typedef enum {
        IPTABLES_PROTOCOL_NONE,
        IPTABLES_PROTOCOL_TCP,
        IPTABLES_PROTOCOL_UDP,
        IPTABLES_PROTOCOL_ICMP,
        IPTABLES_PROTOCOL_ESP,
        IPTABLES_PROTOCOL_AH,
        IPTABLES_PROTOCOL_SCTP,
        IPTABLES_PROTOCOL_MH,
        IPTABLES_PROTOCOL_ALL,
} iptables_protocol_type_e;

typedef enum {
        IPTABLES_ACTION_NONE,
        IPTABLES_ACTION_ACCEPT,
        IPTABLES_ACTION_DROP,
        IPTABLES_ACTION_LOG,
        IPTABLES_ACTION_NFLOG,
} iptables_target_action_e;

typedef struct {
        char *chain;
        iptables_direction_e direction;
        iptables_ip_type_e s_ip_type;
        iptables_ip_type_e d_ip_type;
        iptables_port_type_e s_port_type;
        iptables_port_type_e d_port_type;
        iptables_protocol_type_e protocol;
        struct in_addr s_ip1;
        struct in_addr s_ip2;
        struct in_addr d_ip1;
        struct in_addr d_ip2;
        unsigned int s_port1;
        unsigned int s_port2;
        unsigned int d_port1;
        unsigned int d_port2;
        char *ifname;
        int classid;
        char *nfacct_name;
        char *target;
        iptables_target_action_e target_type;
        unsigned char log_level;
        char *log_prefix;
        unsigned int nflog_group;
        char *nflog_prefix;
        unsigned int nflog_range;
        unsigned int nflog_threshold;
} iptables_rule_s;

/**
 * @desc This function adds a new iptables rule.
 * @return 0 on success and negative value if error.
 */
int iptables_add_rule(iptables_rule_s *rule);

/**
 * @desc This function inserts a new iptables rule.
 * @return 0 on success and negative value if error.
 */
int iptables_insert_rule(iptables_rule_s *rule);

/**
 * @desc This function removes already set iptables rule.
 * @return 0 on success and negative value if error.
 */
int iptables_remove_rule(iptables_rule_s *rule);

/**
 * @desc This function adds a new iptables chain.
 * @return 0 on success and negative value if error.
 */
int iptables_add_chain(const char *chain);

/**
 * @desc This function removes already set iptables chain.
 * @return 0 on success and negative value if error.
 */
int iptables_remove_chain(const char *chain);

/**
 * @desc This function flushes all iptables rules in chain.
 * @return 0 on success and negative value if error.
 */
int iptables_flush_chain(const char *chain);

#endif /*__STC_HELPER_IPTABLES_H__*/