1e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#ifndef _X_TABLES_H 2e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define _X_TABLES_H 3b4397f580e6eb3f20e8c433833be20283b44a3bcStephen Hemminger#include <linux/kernel.h> 4c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger#include <linux/types.h> 5c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger 6e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_FUNCTION_MAXNAMELEN 30 7b4397f580e6eb3f20e8c433833be20283b44a3bcStephen Hemminger#define XT_EXTENSION_MAXNAMELEN 29 8e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_TABLE_MAXNAMELEN 32 9e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 10ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct xt_entry_match { 11e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger union { 12e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct { 13c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 match_size; 14e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 15e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Used by userspace */ 16b4397f580e6eb3f20e8c433833be20283b44a3bcStephen Hemminger char name[XT_EXTENSION_MAXNAMELEN]; 17c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u8 revision; 18e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger } user; 19e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct { 20c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 match_size; 21e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 22e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Used inside the kernel */ 23e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct xt_match *match; 24e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger } kernel; 25e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 26e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Total length */ 27c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 match_size; 28e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger } u; 29e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 30e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger unsigned char data[0]; 31e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 32e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 33ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct xt_entry_target { 34e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger union { 35e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct { 36c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 target_size; 37e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 38e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Used by userspace */ 39b4397f580e6eb3f20e8c433833be20283b44a3bcStephen Hemminger char name[XT_EXTENSION_MAXNAMELEN]; 40c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u8 revision; 41e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger } user; 42e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct { 43c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 target_size; 44e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 45e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Used inside the kernel */ 46e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct xt_target *target; 47e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger } kernel; 48e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 49e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Total length */ 50c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 target_size; 51e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger } u; 52e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 53e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger unsigned char data[0]; 54e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 55e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 56de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger#define XT_TARGET_INIT(__name, __size) \ 57de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger{ \ 58de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger .target.u.user = { \ 59de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger .target_size = XT_ALIGN(__size), \ 60de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger .name = __name, \ 61de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger }, \ 62de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger} 63de3d12f48ac1869fc9f9cb442b2d692b027d8a14Stephen Hemminger 64ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct xt_standard_target { 65e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct xt_entry_target target; 66e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger int verdict; 67e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 68e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 698552b387df5ff1c1df2b0a8e6585b53928838471Stephen Hemmingerstruct xt_error_target { 708552b387df5ff1c1df2b0a8e6585b53928838471Stephen Hemminger struct xt_entry_target target; 718552b387df5ff1c1df2b0a8e6585b53928838471Stephen Hemminger char errorname[XT_FUNCTION_MAXNAMELEN]; 728552b387df5ff1c1df2b0a8e6585b53928838471Stephen Hemminger}; 738552b387df5ff1c1df2b0a8e6585b53928838471Stephen Hemminger 74e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision 75e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger * kernel supports, if >= revision. */ 76ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct xt_get_revision { 77b4397f580e6eb3f20e8c433833be20283b44a3bcStephen Hemminger char name[XT_EXTENSION_MAXNAMELEN]; 78c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u8 revision; 79e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 80e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 81e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* CONTINUE verdict for targets */ 82e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_CONTINUE 0xFFFFFFFF 83e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 84e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* For standard target */ 85e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_RETURN (-NF_REPEAT - 1) 86e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 87e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* this is a dummy structure to find out the alignment requirement for a struct 88e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger * containing all the fundamental data types that are used in ipt_entry, 89e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my 90e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger * personal pleasure to remove it -HW 91e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger */ 92ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct _xt_align { 93c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u8 u8; 94c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u16 u16; 95c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u32 u32; 96c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u64 u64; 97e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 98e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 99b4397f580e6eb3f20e8c433833be20283b44a3bcStephen Hemminger#define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align)) 100e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 101e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Standard return verdict, or do jump. */ 102e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_STANDARD_TARGET "" 103e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* Error verdict. */ 104e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_ERROR_TARGET "ERROR" 105e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 106e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) 107e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) 108e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 109ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct xt_counters { 110c40bba6922b470c0fd0c7a7b8b09584527c468e9Stephen Hemminger __u64 pcnt, bcnt; /* Packet and byte counters */ 111e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 112e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 113e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger/* The argument to IPT_SO_ADD_COUNTERS. */ 114ab322673298bd0b8927cdd9d11f3d36af5941b93Stephen Hemmingerstruct xt_counters_info { 115e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* Which table. */ 116e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger char name[XT_TABLE_MAXNAMELEN]; 117e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 118e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger unsigned int num_counters; 119e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 120e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger /* The counters (actually `number' of these). */ 121e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger struct xt_counters counters[0]; 122e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger}; 123e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 124e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ 125e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 126bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger/* fn returns 0 to continue iteration */ 127bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger#define XT_MATCH_ITERATE(type, e, fn, args...) \ 128bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger({ \ 129bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger unsigned int __i; \ 130bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger int __ret = 0; \ 131bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger struct xt_entry_match *__m; \ 132bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger \ 133bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger for (__i = sizeof(type); \ 134bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __i < (e)->target_offset; \ 135bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __i += __m->u.match_size) { \ 136bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __m = (void *)e + __i; \ 137bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger \ 138bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __ret = fn(__m , ## args); \ 139bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger if (__ret != 0) \ 140bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger break; \ 141bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger } \ 142bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __ret; \ 143bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger}) 144bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger 145bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger/* fn returns 0 to continue iteration */ 146bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger#define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \ 147bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger({ \ 148bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger unsigned int __i, __n; \ 149bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger int __ret = 0; \ 150bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger type *__entry; \ 151bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger \ 152bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger for (__i = 0, __n = 0; __i < (size); \ 153bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __i += __entry->next_offset, __n++) { \ 154bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __entry = (void *)(entries) + __i; \ 155bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger if (__n < n) \ 156bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger continue; \ 157bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger \ 158bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __ret = fn(__entry , ## args); \ 159bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger if (__ret != 0) \ 160bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger break; \ 161bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger } \ 162bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger __ret; \ 163bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger}) 164bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger 165bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger/* fn returns 0 to continue iteration */ 166bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger#define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \ 167bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args) 168bfe594fe31419a5f2cdd7ed7864b587d76fc22deStephen Hemminger 169e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger 1708ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger/* pos is normally a struct ipt_entry/ip6t_entry/etc. */ 1718ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger#define xt_entry_foreach(pos, ehead, esize) \ 1728ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger for ((pos) = (typeof(pos))(ehead); \ 1738ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger (pos) < (typeof(pos))((char *)(ehead) + (esize)); \ 1748ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset)) 1758ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger 1768ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger/* can only be xt_entry_match, so no use of typeof here */ 1778ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger#define xt_ematch_foreach(pos, entry) \ 1788ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger for ((pos) = (struct xt_entry_match *)entry->elems; \ 1798ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger (pos) < (struct xt_entry_match *)((char *)(entry) + \ 1808ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger (entry)->target_offset); \ 1818ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger (pos) = (struct xt_entry_match *)((char *)(pos) + \ 1828ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger (pos)->u.match_size)) 1838ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger 1848ecdcce08319d0e39b0d32c1d17db3f69d85a35cStephen Hemminger 185e309c5fa6adf7c48074a08126721838ad4ea2749Stephen Hemminger#endif /* _X_TABLES_H */ 186