1dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* 2dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * 25-Jul-1998 Major changes to allow for ip chain table 3dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * 4dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * 3-Jan-2000 Named tables to allow packet selection for different uses. 5dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat */ 6dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 7dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* 8dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * Format of an IP firewall descriptor 9dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * 10dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * src, dst, src_mask, dst_mask are always stored in network byte order. 11dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * flags are stored in host byte order (of course). 12dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * Port numbers are stored in HOST byte order. 13dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat */ 14dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 15dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#ifndef _IPTABLES_H 16dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define _IPTABLES_H 17dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 18dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#include <linux/types.h> 19dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 20dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#include <linux/netfilter_ipv4.h> 21dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 22dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#include <linux/netfilter/x_tables.h> 23dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 24dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 25dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 26dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_match xt_match 27dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_target xt_target 28dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_table xt_table 29dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_get_revision xt_get_revision 30dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 31dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Yes, Virginia, you have to zero the padding. */ 32dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatstruct ipt_ip { 33dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Source and destination IP addr */ 34dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct in_addr src, dst; 35dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Mask for src and dest IP addr */ 36dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct in_addr smsk, dmsk; 37dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 38dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 39dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 40dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Protocol, 0 = ANY */ 41dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int16_t proto; 42dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 43dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Flags word */ 44dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int8_t flags; 45dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Inverse flags */ 46dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int8_t invflags; 47dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat}; 48dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 49dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_entry_match xt_entry_match 50dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_entry_target xt_entry_target 51dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_standard_target xt_standard_target 52dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 53dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_counters xt_counters 54dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 55dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Values for "flag" field in struct ipt_ip (general ip structure). */ 56dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ 57dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ 58dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_F_MASK 0x03 /* All possible flag bits mask. */ 59dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 60dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Values for "inv" field in struct ipt_ip. */ 61dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ 62dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ 63dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */ 64dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ 65dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ 66dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ 67dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_PROTO XT_INV_PROTO 68dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ 69dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 70dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* This structure defines each of the firewall rules. Consists of 3 71dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat parts which are 1) general IP header stuff 2) match specific 72dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat stuff 3) the target to perform if the rule matches */ 731a441f49ec87ef74b978d7ae17da2a9b2ca6e811Dmitry Shmidtstruct ipt_entry { 74dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct ipt_ip ip; 75dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 76dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Mark with fields that we care about. */ 77dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int nfcache; 78dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 79dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Size of ipt_entry + matches */ 80dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int16_t target_offset; 81dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Size of ipt_entry + matches + target */ 82dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int16_t next_offset; 83dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 84dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Back pointer */ 85dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int comefrom; 86dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 87dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Packet and byte counters. */ 88dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct xt_counters counters; 89dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 90dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* The matches (if any), then the target. */ 91dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned char elems[0]; 92dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat}; 93dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 94dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* 95dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * New IP firewall options for [gs]etsockopt at the RAW IP level. 96dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * Unlike BSD Linux inherits IP options so you don't have to use a raw 97dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * socket for this. Instead we check rights in the calls. 98dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * 99dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * ATTENTION: check linux/in.h before adding new number here. 100dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat */ 101dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_BASE_CTL 64 102dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 103dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_SET_REPLACE (IPT_BASE_CTL) 104dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) 105dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS 106dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 107dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_GET_INFO (IPT_BASE_CTL) 108dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) 109dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) 110dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) 111dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET 112dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 113dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_CONTINUE XT_CONTINUE 114dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_RETURN XT_RETURN 115dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 116dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#include <linux/netfilter/xt_tcpudp.h> 117dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_udp xt_udp 118dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_tcp xt_tcp 119dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 120dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT 121dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT 122dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS 123dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION 124dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_TCP_INV_MASK XT_TCP_INV_MASK 125dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 126dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT 127dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT 128dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_UDP_INV_MASK XT_UDP_INV_MASK 129dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 130dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* ICMP matching stuff */ 1311a441f49ec87ef74b978d7ae17da2a9b2ca6e811Dmitry Shmidtstruct ipt_icmp { 132dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int8_t type; /* type to match */ 133dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int8_t code[2]; /* range of code */ 134dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat u_int8_t invflags; /* Inverse flags */ 135dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat}; 136dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 137dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Values for "inv" field for struct ipt_icmp. */ 138dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */ 139dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 140dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* The argument to IPT_SO_GET_INFO */ 1411a441f49ec87ef74b978d7ae17da2a9b2ca6e811Dmitry Shmidtstruct ipt_getinfo { 142dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Which table: caller fills this in. */ 143dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat char name[IPT_TABLE_MAXNAMELEN]; 144dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 145dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Kernel fills these in. */ 146dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Which hook entry points are valid: bitmask */ 147dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int valid_hooks; 148dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 149dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Hook entry points: one per netfilter hook. */ 150dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int hook_entry[NF_INET_NUMHOOKS]; 151dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 152dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Underflow points. */ 153dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int underflow[NF_INET_NUMHOOKS]; 154dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 155dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Number of entries */ 156dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int num_entries; 157dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 158dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Size of entries. */ 159dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int size; 160dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat}; 161dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 162dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* The argument to IPT_SO_SET_REPLACE. */ 1631a441f49ec87ef74b978d7ae17da2a9b2ca6e811Dmitry Shmidtstruct ipt_replace { 164dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Which table. */ 165dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat char name[IPT_TABLE_MAXNAMELEN]; 166dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 167dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Which hook entry points are valid: bitmask. You can't 168dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat change this. */ 169dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int valid_hooks; 170dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 171dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Number of entries */ 172dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int num_entries; 173dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 174dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Total size of new entries */ 175dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int size; 176dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 177dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Hook entry points. */ 178dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int hook_entry[NF_INET_NUMHOOKS]; 179dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 180dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Underflow points. */ 181dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int underflow[NF_INET_NUMHOOKS]; 182dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 183dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Information about old entries: */ 184dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Number of counters (must be equal to current number of entries). */ 185dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int num_counters; 186dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* The old entries' counters. */ 187dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct xt_counters *counters; 188dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 189dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* The entries (hang off end: not really an array). */ 190dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct ipt_entry entries[0]; 191dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat}; 192dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 193dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* The argument to IPT_SO_ADD_COUNTERS. */ 194dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define ipt_counters_info xt_counters_info 195dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 196dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* The argument to IPT_SO_GET_ENTRIES. */ 1971a441f49ec87ef74b978d7ae17da2a9b2ca6e811Dmitry Shmidtstruct ipt_get_entries { 198dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* Which table: user fills this in. */ 199dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat char name[IPT_TABLE_MAXNAMELEN]; 200dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 201dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* User fills this in: total entry size. */ 202dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat unsigned int size; 203dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 204dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat /* The entries. */ 205dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat struct ipt_entry entrytable[0]; 206dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat}; 207dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 208dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Standard return verdict, or do jump. */ 209dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_STANDARD_TARGET XT_STANDARD_TARGET 210dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Error verdict. */ 211dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_ERROR_TARGET XT_ERROR_TARGET 212dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 213dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* Helper functions */ 214dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatstatic __inline__ struct ipt_entry_target * 215dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehatipt_get_target(struct ipt_entry *e) 216dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat{ 217dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat return (void *)e + e->target_offset; 218dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat} 219dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 220dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* fn returns 0 to continue iteration */ 221dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_MATCH_ITERATE(e, fn, args...) \ 222dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) 223dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 224dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* fn returns 0 to continue iteration */ 225dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ 226dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) 227dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat 228dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat/* 229dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat * Main firewall chains definitions and global var's definitions. 230dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat */ 231dcfb7a77f8709125e97c313cb8ab6ec4d87468f4San Mehat#endif /* _IPTABLES_H */ 232