12cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* 22cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 25-Jul-1998 Major changes to allow for ip chain table 32cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 42cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 3-Jan-2000 Named tables to allow packet selection for different uses. 52cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */ 62cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 72cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* 82cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * Format of an IP firewall descriptor 92cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 102cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * src, dst, src_mask, dst_mask are always stored in network byte order. 112cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * flags are stored in host byte order (of course). 122cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * Port numbers are stored in HOST byte order. 132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */ 142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#ifndef _IPTABLES_H 162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define _IPTABLES_H 172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 18978e27e8f8c2e49d0528c6c4ae3a56627fbe8492Jan Engelhardt#include <linux/types.h> 19978e27e8f8c2e49d0528c6c4ae3a56627fbe8492Jan Engelhardt 202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter_ipv4.h> 212cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 222cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter/x_tables.h> 232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 242cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 252cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN 262cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_match xt_match 272cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_target xt_target 282cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_table xt_table 292cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_get_revision xt_get_revision 302cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 312cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Yes, Virginia, you have to zero the padding. */ 322cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouerstruct ipt_ip { 332cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Source and destination IP addr */ 342cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer struct in_addr src, dst; 352cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Mask for src and dest IP addr */ 362cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer struct in_addr smsk, dmsk; 372cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 382cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 392cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 402cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Protocol, 0 = ANY */ 412cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int16_t proto; 422cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 432cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Flags word */ 442cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int8_t flags; 452cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Inverse flags */ 462cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int8_t invflags; 472cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}; 482cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 492cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_entry_match xt_entry_match 502cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_entry_target xt_entry_target 512cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_standard_target xt_standard_target 522cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 532cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_counters xt_counters 542cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 552cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Values for "flag" field in struct ipt_ip (general ip structure). */ 562cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_F_FRAG 0x01 /* Set if rule is a fragment rule */ 572cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_F_GOTO 0x02 /* Set if jump is a goto */ 582cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_F_MASK 0x03 /* All possible flag bits mask. */ 592cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 602cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Values for "inv" field in struct ipt_ip. */ 612cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_VIA_IN 0x01 /* Invert the sense of IN IFACE. */ 622cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_VIA_OUT 0x02 /* Invert the sense of OUT IFACE */ 632cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_TOS 0x04 /* Invert the sense of TOS. */ 642cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_SRCIP 0x08 /* Invert the sense of SRC IP. */ 652cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_DSTIP 0x10 /* Invert the sense of DST OP. */ 662cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_FRAG 0x20 /* Invert the sense of FRAG. */ 672cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_PROTO XT_INV_PROTO 682cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_MASK 0x7F /* All possible flag bits mask. */ 692cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 702cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* This structure defines each of the firewall rules. Consists of 3 712cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer parts which are 1) general IP header stuff 2) match specific 722cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer stuff 3) the target to perform if the rule matches */ 73350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_entry { 742cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer struct ipt_ip ip; 752cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 762cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Mark with fields that we care about. */ 772cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int nfcache; 782cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 792cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Size of ipt_entry + matches */ 802cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int16_t target_offset; 812cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Size of ipt_entry + matches + target */ 822cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int16_t next_offset; 832cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 842cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Back pointer */ 852cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int comefrom; 862cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 872cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Packet and byte counters. */ 882cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer struct xt_counters counters; 892cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 902cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* The matches (if any), then the target. */ 912cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned char elems[0]; 922cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}; 932cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 942cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* 952cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * New IP firewall options for [gs]etsockopt at the RAW IP level. 962cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * Unlike BSD Linux inherits IP options so you don't have to use a raw 972cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * socket for this. Instead we check rights in the calls. 982cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 992cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * ATTENTION: check linux/in.h before adding new number here. 1002cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */ 1012cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_BASE_CTL 64 1022cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1032cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_SET_REPLACE (IPT_BASE_CTL) 1042cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_SET_ADD_COUNTERS (IPT_BASE_CTL + 1) 1052cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_SET_MAX IPT_SO_SET_ADD_COUNTERS 1062cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1072cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_INFO (IPT_BASE_CTL) 1082cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_ENTRIES (IPT_BASE_CTL + 1) 1092cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_REVISION_MATCH (IPT_BASE_CTL + 2) 1102cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_REVISION_TARGET (IPT_BASE_CTL + 3) 1112cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_MAX IPT_SO_GET_REVISION_TARGET 1122cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_CONTINUE XT_CONTINUE 1142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_RETURN XT_RETURN 1152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter/xt_tcpudp.h> 1172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_udp xt_udp 1182cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_tcp xt_tcp 1192cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT 1212cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT 1222cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS 1232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION 1242cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_MASK XT_TCP_INV_MASK 1252cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1262cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT 1272cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT 1282cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_UDP_INV_MASK XT_UDP_INV_MASK 1292cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1302cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* ICMP matching stuff */ 131350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_icmp { 1322cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int8_t type; /* type to match */ 1332cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int8_t code[2]; /* range of code */ 1342cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer u_int8_t invflags; /* Inverse flags */ 1352cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}; 1362cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1372cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Values for "inv" field for struct ipt_icmp. */ 1382cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_ICMP_INV 0x01 /* Invert the sense of type/code test */ 1392cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1402cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_GET_INFO */ 141350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_getinfo { 1422cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Which table: caller fills this in. */ 1432cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer char name[IPT_TABLE_MAXNAMELEN]; 1442cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1452cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Kernel fills these in. */ 1462cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Which hook entry points are valid: bitmask */ 1472cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int valid_hooks; 1482cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1492cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Hook entry points: one per netfilter hook. */ 150ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt unsigned int hook_entry[NF_INET_NUMHOOKS]; 1512cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1522cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Underflow points. */ 153ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt unsigned int underflow[NF_INET_NUMHOOKS]; 1542cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1552cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Number of entries */ 1562cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int num_entries; 1572cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1582cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Size of entries. */ 1592cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int size; 1602cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}; 1612cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1622cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_SET_REPLACE. */ 163350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_replace { 1642cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Which table. */ 1652cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer char name[IPT_TABLE_MAXNAMELEN]; 1662cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1672cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Which hook entry points are valid: bitmask. You can't 1682cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer change this. */ 1692cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int valid_hooks; 1702cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1712cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Number of entries */ 1722cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int num_entries; 1732cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1742cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Total size of new entries */ 1752cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int size; 1762cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1772cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Hook entry points. */ 178ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt unsigned int hook_entry[NF_INET_NUMHOOKS]; 1792cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1802cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Underflow points. */ 181ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt unsigned int underflow[NF_INET_NUMHOOKS]; 1822cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1832cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Information about old entries: */ 1842cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Number of counters (must be equal to current number of entries). */ 1852cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int num_counters; 1862cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* The old entries' counters. */ 187ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt struct xt_counters *counters; 1882cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1892cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* The entries (hang off end: not really an array). */ 1902cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer struct ipt_entry entries[0]; 1912cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}; 1922cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1932cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_ADD_COUNTERS. */ 1942cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_counters_info xt_counters_info 1952cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 1962cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_GET_ENTRIES. */ 197350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_get_entries { 1982cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* Which table: user fills this in. */ 1992cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer char name[IPT_TABLE_MAXNAMELEN]; 2002cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2012cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* User fills this in: total entry size. */ 2022cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer unsigned int size; 2032cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2042cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer /* The entries. */ 2052cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer struct ipt_entry entrytable[0]; 2062cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}; 2072cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2082cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Standard return verdict, or do jump. */ 2092cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_STANDARD_TARGET XT_STANDARD_TARGET 2102cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Error verdict. */ 2112cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_ERROR_TARGET XT_ERROR_TARGET 2122cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Helper functions */ 2142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouerstatic __inline__ struct ipt_entry_target * 2152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Broueript_get_target(struct ipt_entry *e) 2162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer{ 2172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer return (void *)e + e->target_offset; 2182cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer} 2192cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* fn returns 0 to continue iteration */ 221ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt#define IPT_MATCH_ITERATE(e, fn, args...) \ 222ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args) 2232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2242cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* fn returns 0 to continue iteration */ 225ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \ 226ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args) 2272cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer 2282cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* 2292cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * Main firewall chains definitions and global var's definitions. 2302cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */ 2312cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#endif /* _IPTABLES_H */ 232