1/**************************************************************************** 2 **************************************************************************** 3 *** 4 *** This header was automatically generated from a Linux kernel header 5 *** of the same name, to make information necessary for userspace to 6 *** call into the kernel available to libc. It contains only constants, 7 *** structures, and macros generated from the original header, and thus, 8 *** contains no copyrightable information. 9 *** 10 **************************************************************************** 11 ****************************************************************************/ 12#ifndef _IPTABLES_H 13#define _IPTABLES_H 14 15#include <linux/compiler.h> 16#include <linux/netfilter_ipv4.h> 17 18#include <linux/netfilter/x_tables.h> 19 20#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 21#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 22#define ipt_match xt_match 23#define ipt_target xt_target 24#define ipt_table xt_table 25#define ipt_get_revision xt_get_revision 26 27struct ipt_ip { 28 29 struct in_addr src, dst; 30 31 struct in_addr smsk, dmsk; 32 char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 33 unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 34 35 u_int16_t proto; 36 37 u_int8_t flags; 38 39 u_int8_t invflags; 40}; 41 42#define ipt_entry_match xt_entry_match 43#define ipt_entry_target xt_entry_target 44#define ipt_standard_target xt_standard_target 45 46#define ipt_counters xt_counters 47 48#define IPT_F_FRAG 0x01 49#define IPT_F_GOTO 0x02 50#define IPT_F_MASK 0x03 51 52#define IPT_INV_VIA_IN 0x01 53#define IPT_INV_VIA_OUT 0x02 54#define IPT_INV_TOS 0x04 55#define IPT_INV_SRCIP 0x08 56#define IPT_INV_DSTIP 0x10 57#define IPT_INV_FRAG 0x20 58#define IPT_INV_PROTO XT_INV_PROTO 59#define IPT_INV_MASK 0x7F 60 61struct ipt_entry 62{ 63 struct ipt_ip ip; 64 65 unsigned int nfcache; 66 67 u_int16_t target_offset; 68 69 u_int16_t next_offset; 70 71 unsigned int comefrom; 72 73 struct xt_counters counters; 74 75 unsigned char elems[0]; 76}; 77 78#define IPT_BASE_CTL XT_BASE_CTL 79 80#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE 81#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS 82#define IPT_SO_SET_MAX XT_SO_SET_MAX 83 84#define IPT_SO_GET_INFO XT_SO_GET_INFO 85#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES 86#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH 87#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET 88#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET 89 90#define IPT_CONTINUE XT_CONTINUE 91#define IPT_RETURN XT_RETURN 92 93#include <linux/netfilter/xt_tcpudp.h> 94#define ipt_udp xt_udp 95#define ipt_tcp xt_tcp 96 97#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT 98#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT 99#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS 100#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION 101#define IPT_TCP_INV_MASK XT_TCP_INV_MASK 102 103#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT 104#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT 105#define IPT_UDP_INV_MASK XT_UDP_INV_MASK 106 107struct ipt_icmp 108{ 109 u_int8_t type; 110 u_int8_t code[2]; 111 u_int8_t invflags; 112}; 113 114#define IPT_ICMP_INV 0x01 115 116struct ipt_getinfo 117{ 118 119 char name[IPT_TABLE_MAXNAMELEN]; 120 121 unsigned int valid_hooks; 122 123 unsigned int hook_entry[NF_IP_NUMHOOKS]; 124 125 unsigned int underflow[NF_IP_NUMHOOKS]; 126 127 unsigned int num_entries; 128 129 unsigned int size; 130}; 131 132struct ipt_replace 133{ 134 135 char name[IPT_TABLE_MAXNAMELEN]; 136 137 unsigned int valid_hooks; 138 139 unsigned int num_entries; 140 141 unsigned int size; 142 143 unsigned int hook_entry[NF_IP_NUMHOOKS]; 144 145 unsigned int underflow[NF_IP_NUMHOOKS]; 146 147 unsigned int num_counters; 148 149 struct xt_counters __user *counters; 150 151 struct ipt_entry entries[0]; 152}; 153 154#define ipt_counters_info xt_counters_info 155 156struct ipt_get_entries 157{ 158 159 char name[IPT_TABLE_MAXNAMELEN]; 160 161 unsigned int size; 162 163 struct ipt_entry entrytable[0]; 164}; 165 166#define IPT_STANDARD_TARGET XT_STANDARD_TARGET 167 168#define IPT_ERROR_TARGET XT_ERROR_TARGET 169 170static __inline__ struct ipt_entry_target * 171ipt_get_target(struct ipt_entry *e) 172{ 173 return (void *)e + e->target_offset; 174} 175 176#define IPT_MATCH_ITERATE(e, fn, args...) ({ unsigned int __i; int __ret = 0; struct ipt_entry_match *__match; for (__i = sizeof(struct ipt_entry); __i < (e)->target_offset; __i += __match->u.match_size) { __match = (void *)(e) + __i; __ret = fn(__match , ## args); if (__ret != 0) break; } __ret; }) 177 178#define IPT_ENTRY_ITERATE(entries, size, fn, args...) ({ unsigned int __i; int __ret = 0; struct ipt_entry *__entry; for (__i = 0; __i < (size); __i += __entry->next_offset) { __entry = (void *)(entries) + __i; __ret = fn(__entry , ## args); if (__ret != 0) break; } __ret; }) 179 180#endif 181