12cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/*
22cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 25-Jul-1998 Major changes to allow for ip chain table
32cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer *
42cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 3-Jan-2000 Named tables to allow packet selection for different uses.
52cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */
62cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
72cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/*
82cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 	Format of an IP firewall descriptor
92cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer *
102cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 	src, dst, src_mask, dst_mask are always stored in network byte order.
112cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 	flags are stored in host byte order (of course).
122cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * 	Port numbers are stored in HOST byte order.
132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */
142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#ifndef _IPTABLES_H
162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define _IPTABLES_H
172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
18978e27e8f8c2e49d0528c6c4ae3a56627fbe8492Jan Engelhardt#include <linux/types.h>
19978e27e8f8c2e49d0528c6c4ae3a56627fbe8492Jan Engelhardt
202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter_ipv4.h>
212cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
222cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter/x_tables.h>
232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
242cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
252cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
262cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_match xt_match
272cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_target xt_target
282cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_table xt_table
292cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_get_revision xt_get_revision
302cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
312cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Yes, Virginia, you have to zero the padding. */
322cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouerstruct ipt_ip {
332cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Source and destination IP addr */
342cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	struct in_addr src, dst;
352cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Mask for src and dest IP addr */
362cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	struct in_addr smsk, dmsk;
372cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
382cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];
392cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
402cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Protocol, 0 = ANY */
412cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int16_t proto;
422cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
432cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Flags word */
442cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int8_t flags;
452cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Inverse flags */
462cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int8_t invflags;
472cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer};
482cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
492cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_entry_match xt_entry_match
502cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_entry_target xt_entry_target
512cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_standard_target xt_standard_target
522cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
532cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_counters xt_counters
542cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
552cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Values for "flag" field in struct ipt_ip (general ip structure). */
562cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_F_FRAG		0x01	/* Set if rule is a fragment rule */
572cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_F_GOTO		0x02	/* Set if jump is a goto */
582cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_F_MASK		0x03	/* All possible flag bits mask. */
592cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
602cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Values for "inv" field in struct ipt_ip. */
612cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */
622cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_VIA_OUT		0x02	/* Invert the sense of OUT IFACE */
632cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_TOS		0x04	/* Invert the sense of TOS. */
642cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_SRCIP		0x08	/* Invert the sense of SRC IP. */
652cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_DSTIP		0x10	/* Invert the sense of DST OP. */
662cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_FRAG		0x20	/* Invert the sense of FRAG. */
672cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_PROTO		XT_INV_PROTO
682cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_INV_MASK		0x7F	/* All possible flag bits mask. */
692cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
702cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* This structure defines each of the firewall rules.  Consists of 3
712cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer   parts which are 1) general IP header stuff 2) match specific
722cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer   stuff 3) the target to perform if the rule matches */
73350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_entry {
742cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	struct ipt_ip ip;
752cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
762cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Mark with fields that we care about. */
772cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int nfcache;
782cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
792cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Size of ipt_entry + matches */
802cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int16_t target_offset;
812cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Size of ipt_entry + matches + target */
822cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int16_t next_offset;
832cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
842cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Back pointer */
852cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int comefrom;
862cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
872cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Packet and byte counters. */
882cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	struct xt_counters counters;
892cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
902cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* The matches (if any), then the target. */
912cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned char elems[0];
922cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer};
932cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
942cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/*
952cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * New IP firewall options for [gs]etsockopt at the RAW IP level.
962cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * Unlike BSD Linux inherits IP options so you don't have to use a raw
972cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * socket for this. Instead we check rights in the calls.
982cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer *
992cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer * ATTENTION: check linux/in.h before adding new number here.
1002cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */
1012cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_BASE_CTL		64
1022cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1032cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_SET_REPLACE	(IPT_BASE_CTL)
1042cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_SET_ADD_COUNTERS	(IPT_BASE_CTL + 1)
1052cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_SET_MAX		IPT_SO_SET_ADD_COUNTERS
1062cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1072cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_INFO			(IPT_BASE_CTL)
1082cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_ENTRIES		(IPT_BASE_CTL + 1)
1092cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_REVISION_MATCH	(IPT_BASE_CTL + 2)
1102cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)
1112cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_SO_GET_MAX			IPT_SO_GET_REVISION_TARGET
1122cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_CONTINUE XT_CONTINUE
1142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_RETURN XT_RETURN
1152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter/xt_tcpudp.h>
1172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_udp xt_udp
1182cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_tcp xt_tcp
1192cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
1212cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
1222cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
1232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_OPTION	XT_TCP_INV_OPTION
1242cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_TCP_INV_MASK	XT_TCP_INV_MASK
1252cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1262cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
1272cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
1282cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_UDP_INV_MASK	XT_UDP_INV_MASK
1292cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1302cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* ICMP matching stuff */
131350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_icmp {
1322cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int8_t type;				/* type to match */
1332cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int8_t code[2];			/* range of code */
1342cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	u_int8_t invflags;			/* Inverse flags */
1352cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer};
1362cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1372cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Values for "inv" field for struct ipt_icmp. */
1382cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_ICMP_INV	0x01	/* Invert the sense of type/code test */
1392cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1402cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_GET_INFO */
141350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_getinfo {
1422cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Which table: caller fills this in. */
1432cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	char name[IPT_TABLE_MAXNAMELEN];
1442cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1452cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Kernel fills these in. */
1462cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Which hook entry points are valid: bitmask */
1472cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int valid_hooks;
1482cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1492cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Hook entry points: one per netfilter hook. */
150ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	unsigned int hook_entry[NF_INET_NUMHOOKS];
1512cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1522cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Underflow points. */
153ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	unsigned int underflow[NF_INET_NUMHOOKS];
1542cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1552cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Number of entries */
1562cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int num_entries;
1572cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1582cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Size of entries. */
1592cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int size;
1602cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer};
1612cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1622cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_SET_REPLACE. */
163350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_replace {
1642cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Which table. */
1652cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	char name[IPT_TABLE_MAXNAMELEN];
1662cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1672cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Which hook entry points are valid: bitmask.  You can't
1682cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer           change this. */
1692cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int valid_hooks;
1702cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1712cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Number of entries */
1722cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int num_entries;
1732cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1742cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Total size of new entries */
1752cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int size;
1762cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1772cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Hook entry points. */
178ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	unsigned int hook_entry[NF_INET_NUMHOOKS];
1792cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1802cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Underflow points. */
181ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	unsigned int underflow[NF_INET_NUMHOOKS];
1822cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1832cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Information about old entries: */
1842cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Number of counters (must be equal to current number of entries). */
1852cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int num_counters;
1862cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* The old entries' counters. */
187ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	struct xt_counters *counters;
1882cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1892cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* The entries (hang off end: not really an array). */
1902cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	struct ipt_entry entries[0];
1912cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer};
1922cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1932cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_ADD_COUNTERS. */
1942cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define ipt_counters_info xt_counters_info
1952cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
1962cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* The argument to IPT_SO_GET_ENTRIES. */
197350661a6eb089f3e54e67e022db9e16ea280499fJan Engelhardtstruct ipt_get_entries {
1982cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* Which table: user fills this in. */
1992cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	char name[IPT_TABLE_MAXNAMELEN];
2002cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2012cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* User fills this in: total entry size. */
2022cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	unsigned int size;
2032cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2042cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	/* The entries. */
2052cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	struct ipt_entry entrytable[0];
2062cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer};
2072cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2082cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Standard return verdict, or do jump. */
2092cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
2102cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Error verdict. */
2112cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define IPT_ERROR_TARGET XT_ERROR_TARGET
2122cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* Helper functions */
2142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouerstatic __inline__ struct ipt_entry_target *
2152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Broueript_get_target(struct ipt_entry *e)
2162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer{
2172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer	return (void *)e + e->target_offset;
2182cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer}
2192cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* fn returns 0 to continue iteration */
221ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt#define IPT_MATCH_ITERATE(e, fn, args...) \
222ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	XT_MATCH_ITERATE(struct ipt_entry, e, fn, ## args)
2232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2242cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/* fn returns 0 to continue iteration */
225ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt#define IPT_ENTRY_ITERATE(entries, size, fn, args...) \
226ca7cd666949b68bf41a32de38ee38e332e89863bJan Engelhardt	XT_ENTRY_ITERATE(struct ipt_entry, entries, size, fn, ## args)
2272cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2282cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/*
2292cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer *	Main firewall chains definitions and global var's definitions.
2302cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */
2312cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#endif /* _IPTABLES_H */
232