/*
 * 25-Jul-1998 Major changes to allow for ip chain table
 *
 * 3-Jan-2000 Named tables to allow packet selection for different uses.
 */
62cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/*
 * 	Format of an IP6 firewall descriptor
 *
 * 	src, dst, src_mask, dst_mask are always stored in network byte order.
 * 	flags are stored in host byte order (of course).
 * 	Port numbers are stored in HOST byte order.
 */
142cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
152cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#ifndef _IP6_TABLES_H
162cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#define _IP6_TABLES_H
172cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
18978e27e8f8c2e49d0528c6c4ae3a56627fbe8492Jan Engelhardt#include <linux/types.h>
19978e27e8f8c2e49d0528c6c4ae3a56627fbe8492Jan Engelhardt
202cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter_ipv6.h>
212cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
222cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#include <linux/netfilter/x_tables.h>
232cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/*
 * Compatibility aliases: every ip6t_/IP6T_ name below expands to the
 * corresponding xt_/XT_ name (this header includes
 * <linux/netfilter/x_tables.h>).  They add no IPv6-specific definitions.
 */
#define IP6T_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN
#define IP6T_TABLE_MAXNAMELEN XT_TABLE_MAXNAMELEN
#define ip6t_match xt_match
#define ip6t_target xt_target
#define ip6t_table xt_table
#define ip6t_get_revision xt_get_revision
#define ip6t_entry_match xt_entry_match
#define ip6t_entry_target xt_entry_target
#define ip6t_standard_target xt_standard_target
#define ip6t_error_target xt_error_target
#define ip6t_counters xt_counters
#define IP6T_CONTINUE XT_CONTINUE
#define IP6T_RETURN XT_RETURN
37dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt
38dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt/* Pre-iptables-1.4.0 */
39dbe77cc974cee656eae37e75039dd1a410a4535bJan Engelhardt#include <linux/netfilter/xt_tcpudp.h>
/* Legacy TCP/UDP match names, mapped onto the xt_tcp/xt_udp equivalents. */
#define ip6t_tcp xt_tcp
#define ip6t_udp xt_udp
#define IP6T_TCP_INV_SRCPT	XT_TCP_INV_SRCPT
#define IP6T_TCP_INV_DSTPT	XT_TCP_INV_DSTPT
#define IP6T_TCP_INV_FLAGS	XT_TCP_INV_FLAGS
#define IP6T_TCP_INV_OPTION	XT_TCP_INV_OPTION
#define IP6T_TCP_INV_MASK	XT_TCP_INV_MASK
#define IP6T_UDP_INV_SRCPT	XT_UDP_INV_SRCPT
#define IP6T_UDP_INV_DSTPT	XT_UDP_INV_DSTPT
#define IP6T_UDP_INV_MASK	XT_UDP_INV_MASK

/* Legacy names for the counters argument and the built-in target names. */
#define ip6t_counters_info xt_counters_info
#define IP6T_STANDARD_TARGET XT_STANDARD_TARGET
#define IP6T_ERROR_TARGET XT_ERROR_TARGET
/*
 * Iteration helpers: forward to the XT_*_ITERATE macros with the entry type
 * fixed to struct ip6t_entry.  "args..." together with "## args" is the GNU
 * named-variadic macro syntax, not ISO C.
 */
#define IP6T_MATCH_ITERATE(e, fn, args...) \
	XT_MATCH_ITERATE(struct ip6t_entry, e, fn, ## args)
#define IP6T_ENTRY_ITERATE(entries, size, fn, args...) \
	XT_ENTRY_ITERATE(struct ip6t_entry, entries, size, fn, ## args)
582cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/*
 * IPv6 header part of a rule: addresses, masks, interfaces, upper-layer
 * protocol and flags.
 *
 * Yes, Virginia, you have to zero the padding.
 * The members below do not fill the structure completely, so zero the whole
 * object (e.g. memset) before filling it in; otherwise the padding bytes
 * carry whatever was in memory before.
 * NOTE(review): presumably this matters because the structure is handed
 * across the [gs]etsockopt boundary as raw bytes - confirm against the
 * consumers.
 */
struct ip6t_ip6 {
	/* Source and destination IP6 addr */
	struct in6_addr src, dst;
	/* Mask for src and dest IP6 addr */
	struct in6_addr smsk, dmsk;
	/* Input/output interface names and their per-byte masks.
	 * NOTE(review): fixed IFNAMSIZ buffers; the type does not guarantee
	 * NUL termination - consumers should not assume it. */
	char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
	unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];

	/* Upper protocol number
	 * - The allowed value is 0 (any) or the protocol number of the last
	 *   parsable header, which is 50 (ESP), 59 (No Next Header), 135 (MH),
	 *   or one of the non-IPv6-extension headers.
	 * - The protocol numbers of IPv6 extension headers other than ESP and
	 *   MH do not match any packets.
	 * - You also need to set IP6T_F_PROTO in "flags" for the protocol to
	 *   be checked.
	 */
	__u16 proto;
	/* TOS to match iff flags & IP6T_F_TOS */
	__u8 tos;

	/* Flags word: IP6T_F_* bits */
	__u8 flags;
	/* Inverse flags: IP6T_INV_* bits */
	__u8 invflags;
};
852cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* Values for the "flags" field in struct ip6t_ip6 (general ip6 structure). */
#define IP6T_F_PROTO		0x01	/* Set if rule cares about upper
					   protocols */
#define IP6T_F_TOS		0x02	/* Match the TOS. */
#define IP6T_F_GOTO		0x04	/* Set if jump is a goto */
#define IP6T_F_MASK		0x07	/* All possible flag bits mask. */

/* Values for the "invflags" field in struct ip6t_ip6. */
#define IP6T_INV_VIA_IN		0x01	/* Invert the sense of IN IFACE. */
#define IP6T_INV_VIA_OUT		0x02	/* Invert the sense of OUT IFACE */
#define IP6T_INV_TOS		0x04	/* Invert the sense of TOS. */
#define IP6T_INV_SRCIP		0x08	/* Invert the sense of SRC IP. */
#define IP6T_INV_DSTIP		0x10	/* Invert the sense of DST IP. */
#define IP6T_INV_FRAG		0x20	/* Invert the sense of FRAG. */
#define IP6T_INV_PROTO		XT_INV_PROTO	/* Value comes from the xt_ headers. */
#define IP6T_INV_MASK		0x7F	/* All possible flag bits mask. */
1022cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* This structure defines each of the firewall rules.  Consists of 3
   parts which are 1) general IP header stuff 2) match specific
   stuff 3) the target to perform if the rule matches.

   target_offset and next_offset are byte offsets counted from the start
   of the entry.  ip6t_get_target() adds target_offset to the entry
   pointer without any check, so code that walks entries it did not build
   itself has to validate both offsets against each other and against the
   size of the buffer before following them. */
struct ip6t_entry {
	struct ip6t_ip6 ipv6;

	/* Mark with fields that we care about. */
	unsigned int nfcache;

	/* Size of ip6t_entry + matches */
	__u16 target_offset;
	/* Size of ip6t_entry + matches + target */
	__u16 next_offset;

	/* Back pointer */
	unsigned int comefrom;

	/* Packet and byte counters. */
	struct xt_counters counters;

	/* The matches (if any), then the target.
	 * Zero-length trailing array: the data lives directly after the
	 * fixed part and is not counted by sizeof(struct ip6t_entry). */
	unsigned char elems[0];
};
1262cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* Standard entry: a rule with no matches, followed directly by a standard
 * target (see IP6T_STANDARD_INIT). */
struct ip6t_standard {
	struct ip6t_entry entry;
	struct xt_standard_target target;
};
1322cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* Error entry: a rule with no matches, followed directly by an error
 * target (see IP6T_ERROR_INIT). */
struct ip6t_error {
	struct ip6t_entry entry;
	struct xt_error_target target;
};
1372cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/*
 * Initialiser for a struct ip6t_entry without matches: the target starts
 * right after the fixed part (target_offset = sizeof(struct ip6t_entry))
 * and __size is the total size of entry plus target.  All members not named
 * here are zero-initialised by the designated initialiser.
 * NOTE(review): next_offset is a __u16, so __size must fit in 16 bits.
 */
#define IP6T_ENTRY_INIT(__size)						       \
{									       \
	.target_offset	= sizeof(struct ip6t_entry),			       \
	.next_offset	= (__size),					       \
}

/*
 * Initialiser for a struct ip6t_standard.  The verdict is stored encoded
 * as -(__verdict) - 1, i.e. as a negative number.
 * NOTE(review): presumably this keeps non-negative values free for another
 * meaning of the verdict field - confirm against x_tables.h.
 */
#define IP6T_STANDARD_INIT(__verdict)					       \
{									       \
	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_standard)),       \
	.target		= XT_TARGET_INIT(XT_STANDARD_TARGET,		       \
					 sizeof(struct xt_standard_target)),   \
	.target.verdict	= -(__verdict) - 1,				       \
}

/* Initialiser for a struct ip6t_error whose error name is "ERROR". */
#define IP6T_ERROR_INIT							       \
{									       \
	.entry		= IP6T_ENTRY_INIT(sizeof(struct ip6t_error)),	       \
	.target		= XT_TARGET_INIT(XT_ERROR_TARGET,		       \
					 sizeof(struct xt_error_target)),      \
	.target.errorname = "ERROR",					       \
}
1592cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/*
 * New IP firewall options for [gs]etsockopt at the RAW IP level.
 * Unlike BSD, Linux inherits IP options, so you don't have to use
 * a raw socket for this. Instead we check rights in the calls.
 *
 * The SET and GET lists below are numbered independently, so the same
 * number appears in both (e.g. IP6T_SO_SET_REPLACE and IP6T_SO_GET_INFO
 * are both IP6T_BASE_CTL); which one is meant depends on whether
 * setsockopt or getsockopt is called.
 *
 * ATTENTION: check linux/in6.h before adding new number here.
 */
#define IP6T_BASE_CTL			64

/* setsockopt options */
#define IP6T_SO_SET_REPLACE		(IP6T_BASE_CTL)
#define IP6T_SO_SET_ADD_COUNTERS	(IP6T_BASE_CTL + 1)
#define IP6T_SO_SET_MAX			IP6T_SO_SET_ADD_COUNTERS

/* getsockopt options (IP6T_BASE_CTL + 2 and + 3 are not defined here) */
#define IP6T_SO_GET_INFO		(IP6T_BASE_CTL)
#define IP6T_SO_GET_ENTRIES		(IP6T_BASE_CTL + 1)
#define IP6T_SO_GET_REVISION_MATCH	(IP6T_BASE_CTL + 4)
#define IP6T_SO_GET_REVISION_TARGET	(IP6T_BASE_CTL + 5)
#define IP6T_SO_GET_MAX			IP6T_SO_GET_REVISION_TARGET

/* obtain original address if REDIRECT'd connection */
#define IP6T_SO_ORIGINAL_DST            80
181311a6d743df6062246fa0b90cc90e5f6e947b336Felix Janda
/* ICMP matching stuff: one type, a two-element code range and inverse flags. */
struct ip6t_icmp {
	__u8 type;				/* type to match */
	__u8 code[2];				/* range of code */
	__u8 invflags;				/* Inverse flags (IP6T_ICMP_INV) */
};
1882cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* Values for the "invflags" field of struct ip6t_icmp. */
#define IP6T_ICMP_INV	0x01	/* Invert the sense of type/code test */
1912cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* The argument to IP6T_SO_GET_INFO: the caller names a table, the kernel
 * fills in the remaining members. */
struct ip6t_getinfo {
	/* Which table: caller fills this in.
	 * NOTE(review): fixed-size buffer; the type does not guarantee NUL
	 * termination, so the caller should terminate it explicitly. */
	char name[XT_TABLE_MAXNAMELEN];

	/* Kernel fills these in. */
	/* Which hook entry points are valid: bitmask */
	unsigned int valid_hooks;

	/* Hook entry points: one per netfilter hook. */
	unsigned int hook_entry[NF_INET_NUMHOOKS];

	/* Underflow points. */
	unsigned int underflow[NF_INET_NUMHOOKS];

	/* Number of entries */
	unsigned int num_entries;

	/* Size of entries. */
	unsigned int size;
};
2132cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* The argument to IP6T_SO_SET_REPLACE.
 *
 * Every member is supplied by the caller and describes the entry blob that
 * hangs off the end of the structure.
 * NOTE(review): size, num_entries, hook_entry[] and underflow[] therefore
 * have to be checked against the bytes actually received before any of
 * them is used as a length or an offset - confirm that the consumer does
 * this. */
struct ip6t_replace {
	/* Which table. */
	char name[XT_TABLE_MAXNAMELEN];

	/* Which hook entry points are valid: bitmask.  You can't
           change this. */
	unsigned int valid_hooks;

	/* Number of entries */
	unsigned int num_entries;

	/* Total size of new entries */
	unsigned int size;

	/* Hook entry points. */
	unsigned int hook_entry[NF_INET_NUMHOOKS];

	/* Underflow points. */
	unsigned int underflow[NF_INET_NUMHOOKS];

	/* Information about old entries: */
	/* Number of counters (must be equal to current number of entries). */
	unsigned int num_counters;
	/* The old entries' counters.
	 * Pointer supplied by the caller; because it is a pointer member, the
	 * size and layout of this structure depend on the pointer width. */
	struct xt_counters *counters;

	/* The entries (hang off end: not really an array). */
	struct ip6t_entry entries[0];
};
2442cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
/* The argument to IP6T_SO_GET_ENTRIES: the user names the table and states
 * the total entry size; the entries follow the fixed part. */
struct ip6t_get_entries {
	/* Which table: user fills this in. */
	char name[XT_TABLE_MAXNAMELEN];

	/* User fills this in: total entry size. */
	unsigned int size;

	/* The entries (zero-length trailing array, not counted by sizeof). */
	struct ip6t_entry entrytable[0];
};
2562cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
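/*
 * Helper functions
 *
 * ip6t_get_target - locate the target record of a rule.
 * @e: rule entry; e->target_offset is the byte offset of the target,
 *     counted from the start of the entry.
 *
 * Returns a pointer to the target, which follows the entry's matches.
 *
 * No bounds checking is done here.  When @e comes from a blob the caller
 * did not build itself, target_offset must already have been validated
 * against next_offset and against the size of the buffer; otherwise the
 * returned pointer can lie outside the buffer.
 */
static __inline__ struct xt_entry_target *
ip6t_get_target(struct ip6t_entry *e)
{
	/* Byte-wise arithmetic through unsigned char *: adding to a void *
	 * is a GNU extension rather than ISO C.  The resulting address is
	 * the same. */
	return (void *)((unsigned char *)e + e->target_offset);
}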
2632cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2642cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer/*
2652cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer *	Main firewall chains definitions and global var's definitions.
2662cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer */
2672cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer
2682cfa903a2882a5d7819c697870af9ae3ab106386Jesper Brouer#endif /* _IP6_TABLES_H */
269