ip_tables.h revision de3d12f48ac1869fc9f9cb442b2d692b027d8a14
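/*
 * 25-Jul-1998 Major changes to allow for ip chain table
 *
 * 3-Jan-2000 Named tables to allow packet selection for different uses.
 */

/*
 * 	Format of an IP firewall descriptor
 *
 * 	src, dst, src_mask, dst_mask are always stored in network byte order.
 * 	flags are stored in host byte order (of course).
 * 	Port numbers are stored in HOST byte order.
 */

#ifndef _IPTABLES_H
#define _IPTABLES_H

#include <linux/netfilter_ipv4.h>

#include <linux/netfilter/x_tables.h>

/* Compatibility aliases: the ipt_* names map onto the shared xt_* ones. */
#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define IPT_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define ipt_match xt_match
#define ipt_target xt_target
#define ipt_table xt_table
#define ipt_get_revision xt_get_revision

/*
 * Yes, Virginia, you have to zero the padding.
 *
 * NOTE(review): in practice this means clearing the whole structure before
 * filling it in, so that no stale bytes sit between or after the fields.
 * Presumably the consumer copies or compares the structure bytewise; confirm
 * against the code that receives it.
 */
struct ipt_ip {
	/* Source and destination IP addr */
	struct in_addr src, dst;
	/* Mask for src and dest IP addr */
	struct in_addr smsk, dmsk;
	char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
	unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];

	/* Protocol, 0 = ANY */
	u_int16_t proto;

	/* Flags word (IPT_F_* below) */
	u_int8_t flags;
	/* Inverse flags (IPT_INV_* below) */
	u_int8_t invflags;
};

#define ipt_entry_match xt_entry_match
#define ipt_entry_target xt_entry_target
#define ipt_standard_target xt_standard_target

#define ipt_counters xt_counters

/* Values for "flags" field in struct ipt_ip (general ip structure). */
#define IPT_F_FRAG		0x01	/* Set if rule is a fragment rule */
#define IPT_F_GOTO		0x02	/* Set if jump is a goto */
#define IPT_F_MASK		0x03	/* All possible flag bits mask. */

/* Values for "invflags" field in struct ipt_ip. */
#define IPT_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */
#define IPT_INV_VIA_OUT		0x02	/* Invert the sense of OUT IFACE */
#define IPT_INV_TOS		0x04	/* Invert the sense of TOS. */
#define IPT_INV_SRCIP		0x08	/* Invert the sense of SRC IP. */
#define IPT_INV_DSTIP		0x10	/* Invert the sense of DST IP. */
#define IPT_INV_FRAG		0x20	/* Invert the sense of FRAG. */
#define IPT_INV_PROTO		XT_INV_PROTO
#define IPT_INV_MASK		0x7F	/* All possible flag bits mask. */

/*
 * This structure defines each of the firewall rules.  Consists of 3
 * parts which are 1) general IP header stuff 2) match specific
 * stuff 3) the target to perform if the rule matches
 *
 * target_offset and next_offset are byte offsets from the start of this
 * entry: ipt_get_target() and the iterate macros below add them to the
 * entry's own address.  Nothing in this header checks them.
 */
struct ipt_entry
{
	struct ipt_ip ip;

	/* Mark with fields that we care about. */
	unsigned int nfcache;

	/* Size of ipt_entry + matches */
	u_int16_t target_offset;
	/* Size of ipt_entry + matches + target */
	u_int16_t next_offset;

	/* Back pointer */
	unsigned int comefrom;

	/* Packet and byte counters. */
	struct xt_counters counters;

	/* The matches (if any), then the target. */
	unsigned char elems[0];
};

/*
 * New IP firewall options for [gs]etsockopt at the RAW IP level.
 * Unlike BSD Linux inherits IP options so you don't have to use a raw
 * socket for this. Instead we check rights in the calls.
 *
 * ATTENTION: check linux/in.h before adding new number here.
 *
 * The SET and GET lists both start at IPT_BASE_CTL, so the same number
 * names a different operation depending on whether it is passed to
 * setsockopt or getsockopt.
 */
#define IPT_BASE_CTL		64

#define IPT_SO_SET_REPLACE	(IPT_BASE_CTL)
#define IPT_SO_SET_ADD_COUNTERS	(IPT_BASE_CTL + 1)
#define IPT_SO_SET_MAX		IPT_SO_SET_ADD_COUNTERS

#define IPT_SO_GET_INFO			(IPT_BASE_CTL)
#define IPT_SO_GET_ENTRIES		(IPT_BASE_CTL + 1)
#define IPT_SO_GET_REVISION_MATCH	(IPT_BASE_CTL + 2)
#define IPT_SO_GET_REVISION_TARGET	(IPT_BASE_CTL + 3)
#define IPT_SO_GET_MAX			IPT_SO_GET_REVISION_TARGET

#define IPT_CONTINUE XT_CONTINUE
#define IPT_RETURN XT_RETURN

#include <linux/netfilter/xt_tcpudp.h>
#define ipt_udp xt_udp
#define ipt_tcp xt_tcp

#define IPT_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
#define IPT_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
#define IPT_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
#define IPT_TCP_INV_OPTION	XT_TCP_INV_OPTION
#define IPT_TCP_INV_MASK	XT_TCP_INV_MASK

#define IPT_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
#define IPT_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
#define IPT_UDP_INV_MASK	XT_UDP_INV_MASK

/* ICMP matching stuff */
struct ipt_icmp
{
	u_int8_t type;				/* type to match */
	u_int8_t code[2];			/* range of code */
	u_int8_t invflags;			/* Inverse flags */
};

/* Values for "invflags" field for struct ipt_icmp. */
#define IPT_ICMP_INV	0x01	/* Invert the sense of type/code test */

/* The argument to IPT_SO_GET_INFO */
struct ipt_getinfo
{
	/* Which table: caller fills this in. */
	char name[IPT_TABLE_MAXNAMELEN];

	/* Kernel fills these in. */
	/* Which hook entry points are valid: bitmask */
	unsigned int valid_hooks;

	/* Hook entry points: one per netfilter hook. */
	unsigned int hook_entry[NF_IP_NUMHOOKS];

	/* Underflow points. */
	unsigned int underflow[NF_IP_NUMHOOKS];

	/* Number of entries */
	unsigned int num_entries;

	/* Size of entries. */
	unsigned int size;
};

/*
 * The argument to IPT_SO_SET_REPLACE.
 *
 * NOTE(review): every field here, including the counters pointer and the
 * hook_entry/underflow offsets, is supplied by the caller.  The receiving
 * side is presumably expected to check num_entries, size and the offsets
 * against the buffer it was actually handed before walking entries[];
 * that code is not part of this header, so confirm it there.
 */
struct ipt_replace
{
	/* Which table. */
	char name[IPT_TABLE_MAXNAMELEN];

	/* Which hook entry points are valid: bitmask.  You can't
           change this. */
	unsigned int valid_hooks;

	/* Number of entries */
	unsigned int num_entries;

	/* Total size of new entries */
	unsigned int size;

	/* Hook entry points. */
	unsigned int hook_entry[NF_IP_NUMHOOKS];

	/* Underflow points. */
	unsigned int underflow[NF_IP_NUMHOOKS];

	/* Information about old entries: */
	/* Number of counters (must be equal to current number of entries). */
	unsigned int num_counters;
	/* The old entries' counters. */
	struct xt_counters *counters;

	/* The entries (hang off end: not really an array). */
	struct ipt_entry entries[0];
};

/* The argument to IPT_SO_SET_ADD_COUNTERS. */
#define ipt_counters_info xt_counters_info

/* The argument to IPT_SO_GET_ENTRIES. */
struct ipt_get_entries
{
	/* Which table: user fills this in. */
	char name[IPT_TABLE_MAXNAMELEN];

	/* User fills this in: total entry size. */
	unsigned int size;

	/* The entries. */
	struct ipt_entry entrytable[0];
};

/* Standard return verdict, or do jump. */
#define IPT_STANDARD_TARGET XT_STANDARD_TARGET
/* Error verdict. */
#define IPT_ERROR_TARGET XT_ERROR_TARGET

/*
 * Helper functions
 *
 * The helper and the three iterate macros below rely on GNU C extensions
 * (arithmetic on void *, statement expressions, named variadic macro
 * arguments).
 *
 * None of them performs any bounds checking.  They follow target_offset,
 * next_offset and u.match_size exactly as stored in the rule blob, so:
 *   - an offset that points past the end of the buffer is dereferenced
 *     as-is;
 *   - a next_offset or match_size of 0 never advances the loop.
 * Validate every entry of a blob that comes from an untrusted or
 * unverified source (sizes non-zero, offsets inside the buffer and
 * correctly ordered) before handing it to these helpers.
 */

/* Returns the address of e's target, i.e. e plus e->target_offset bytes. */
static __inline__ struct ipt_entry_target *
ipt_get_target(struct ipt_entry *e)
{
	return (void *)e + e->target_offset;
}

/*
 * Calls fn(match, args...) for each match of entry e, starting right after
 * the fixed struct ipt_entry and stopping at e->target_offset.
 * fn returns 0 to continue iteration; the macro evaluates to the first
 * non-zero value fn returned, or 0 if every match was visited.
 */
#define IPT_MATCH_ITERATE(e, fn, args...)	\
({						\
	unsigned int __i;			\
	int __ret = 0;				\
	struct ipt_entry_match *__match;	\
						\
	for (__i = sizeof(struct ipt_entry);	\
	     __i < (e)->target_offset;		\
	     __i += __match->u.match_size) {	\
		__match = (void *)(e) + __i;	\
						\
		__ret = fn(__match , ## args);	\
		if (__ret != 0)			\
			break;			\
	}					\
	__ret;					\
})

/*
 * Calls fn(entry, args...) for each entry in the `size` bytes starting at
 * `entries`, stepping by each entry's next_offset.
 * fn returns 0 to continue iteration; the macro evaluates to the first
 * non-zero value fn returned, or 0 if every entry was visited.
 */
#define IPT_ENTRY_ITERATE(entries, size, fn, args...)		\
({								\
	unsigned int __i;					\
	int __ret = 0;						\
	struct ipt_entry *__entry;				\
								\
	for (__i = 0; __i < (size); __i += __entry->next_offset) { \
		__entry = (void *)(entries) + __i;		\
								\
		__ret = fn(__entry , ## args);			\
		if (__ret != 0)					\
			break;					\
	}							\
	__ret;							\
})

/*
 * Same walk as IPT_ENTRY_ITERATE, but fn is not called for the first n
 * entries; they are still stepped over through their next_offset.
 * fn returns 0 to continue iteration.
 * The n argument is parenthesized in the comparison so that an expression
 * argument (for example one using & or ?:) is compared as a whole.
 */
#define IPT_ENTRY_ITERATE_CONTINUE(entries, size, n, fn, args...) \
({								\
	unsigned int __i, __n;					\
	int __ret = 0;						\
	struct ipt_entry *__entry;				\
								\
	for (__i = 0, __n = 0; __i < (size);			\
	     __i += __entry->next_offset, __n++) { 		\
		__entry = (void *)(entries) + __i;		\
		if (__n < (n))					\
			continue;				\
								\
		__ret = fn(__entry , ## args);			\
		if (__ret != 0)					\
			break;					\
	}							\
	__ret;							\
})

/*
 *	Main firewall chains definitions and global var's definitions.
 */
#endif /* _IPTABLES_H */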