111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert/**************************************************************************** 211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert **************************************************************************** 311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** 411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** This header was automatically generated from a Linux kernel header 511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** of the same name, to make information necessary for userspace to 611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** call into the kernel available to libc. It contains only constants, 711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** structures, and macros generated from the original header, and thus, 811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** contains no copyrightable information. 911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert *** 1011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert **************************************************************************** 1111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert ****************************************************************************/ 1211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#ifndef _IPTABLES_H 1311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define _IPTABLES_H 1411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 1511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#include <linux/compiler.h> 1611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#include <linux/netfilter_ipv4.h> 1711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 1811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#include <linux/netfilter/x_tables.h> 1911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 2011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_FUNCTION_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 2111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_TABLE_MAXNAMELEN XT_FUNCTION_MAXNAMELEN 2211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_match xt_match 2311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_target xt_target 2411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_table xt_table 2511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_get_revision xt_get_revision 2611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 2711cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstruct ipt_ip { 2811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 2911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct in_addr src, dst; 3011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 3111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct in_addr smsk, dmsk; 3211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert char iniface[IFNAMSIZ], outiface[IFNAMSIZ]; 3311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ]; 3411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 3511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int16_t proto; 3611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 3711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int8_t flags; 3811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 3911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int8_t invflags; 4011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert}; 4111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 4211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_entry_match xt_entry_match 4311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_entry_target xt_entry_target 4411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_standard_target xt_standard_target 4511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 4611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_counters xt_counters 4711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 4811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_F_FRAG 0x01 4911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_F_GOTO 0x02 5011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_F_MASK 0x03 5111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 5211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_VIA_IN 0x01 5311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_VIA_OUT 0x02 5411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_TOS 0x04 5511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_SRCIP 0x08 5611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_DSTIP 0x10 5711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_FRAG 0x20 5811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_PROTO XT_INV_PROTO 5911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_INV_MASK 0x7F 6011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 6111cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstruct ipt_entry 6211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert{ 6311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct ipt_ip ip; 6411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 6511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int nfcache; 6611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 6711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int16_t target_offset; 6811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 6911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int16_t next_offset; 7011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 7111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int comefrom; 7211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 7311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct xt_counters counters; 7411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 7511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned char elems[0]; 7611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert}; 7711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 7811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_BASE_CTL XT_BASE_CTL 7911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 8011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_SET_REPLACE XT_SO_SET_REPLACE 8111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_SET_ADD_COUNTERS XT_SO_SET_ADD_COUNTERS 8211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_SET_MAX XT_SO_SET_MAX 8311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 8411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_GET_INFO XT_SO_GET_INFO 8511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_GET_ENTRIES XT_SO_GET_ENTRIES 8611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_GET_REVISION_MATCH XT_SO_GET_REVISION_MATCH 8711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_GET_REVISION_TARGET XT_SO_GET_REVISION_TARGET 8811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_SO_GET_MAX XT_SO_GET_REVISION_TARGET 8911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 9011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_CONTINUE XT_CONTINUE 9111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_RETURN XT_RETURN 9211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 9311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#include <linux/netfilter/xt_tcpudp.h> 9411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_udp xt_udp 9511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_tcp xt_tcp 9611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 9711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_TCP_INV_SRCPT XT_TCP_INV_SRCPT 9811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_TCP_INV_DSTPT XT_TCP_INV_DSTPT 9911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_TCP_INV_FLAGS XT_TCP_INV_FLAGS 10011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_TCP_INV_OPTION XT_TCP_INV_OPTION 10111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_TCP_INV_MASK XT_TCP_INV_MASK 10211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 10311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_UDP_INV_SRCPT XT_UDP_INV_SRCPT 10411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_UDP_INV_DSTPT XT_UDP_INV_DSTPT 10511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_UDP_INV_MASK XT_UDP_INV_MASK 10611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 10711cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstruct ipt_icmp 10811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert{ 10911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int8_t type; 11011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int8_t code[2]; 11111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert u_int8_t invflags; 11211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert}; 11311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 11411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_ICMP_INV 0x01 11511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 11611cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstruct ipt_getinfo 11711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert{ 11811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 11911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert char name[IPT_TABLE_MAXNAMELEN]; 12011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 12111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int valid_hooks; 12211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 12311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int hook_entry[NF_IP_NUMHOOKS]; 12411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 12511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int underflow[NF_IP_NUMHOOKS]; 12611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 12711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int num_entries; 12811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 12911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int size; 13011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert}; 13111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 13211cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstruct ipt_replace 13311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert{ 13411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 13511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert char name[IPT_TABLE_MAXNAMELEN]; 13611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 13711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int valid_hooks; 13811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 13911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int num_entries; 14011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 14111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int size; 14211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 14311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int hook_entry[NF_IP_NUMHOOKS]; 14411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 14511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int underflow[NF_IP_NUMHOOKS]; 14611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 14711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int num_counters; 14811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 14911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct xt_counters __user *counters; 15011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 15111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct ipt_entry entries[0]; 15211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert}; 15311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 15411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define ipt_counters_info xt_counters_info 15511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 15611cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstruct ipt_get_entries 15711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert{ 15811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 15911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert char name[IPT_TABLE_MAXNAMELEN]; 16011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 16111cd02dfb91661c65134cac258cf5924270e9d2Dan Albert unsigned int size; 16211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 16311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert struct ipt_entry entrytable[0]; 16411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert}; 16511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 16611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_STANDARD_TARGET XT_STANDARD_TARGET 16711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 16811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_ERROR_TARGET XT_ERROR_TARGET 16911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 17011cd02dfb91661c65134cac258cf5924270e9d2Dan Albertstatic __inline__ struct ipt_entry_target * 17111cd02dfb91661c65134cac258cf5924270e9d2Dan Albertipt_get_target(struct ipt_entry *e) 17211cd02dfb91661c65134cac258cf5924270e9d2Dan Albert{ 17311cd02dfb91661c65134cac258cf5924270e9d2Dan Albert return (void *)e + e->target_offset; 17411cd02dfb91661c65134cac258cf5924270e9d2Dan Albert} 17511cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 17611cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_MATCH_ITERATE(e, fn, args...) ({ unsigned int __i; int __ret = 0; struct ipt_entry_match *__match; for (__i = sizeof(struct ipt_entry); __i < (e)->target_offset; __i += __match->u.match_size) { __match = (void *)(e) + __i; __ret = fn(__match , ## args); if (__ret != 0) break; } __ret; }) 17711cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 17811cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#define IPT_ENTRY_ITERATE(entries, size, fn, args...) ({ unsigned int __i; int __ret = 0; struct ipt_entry *__entry; for (__i = 0; __i < (size); __i += __entry->next_offset) { __entry = (void *)(entries) + __i; __ret = fn(__entry , ## args); if (__ret != 0) break; } __ret; }) 17911cd02dfb91661c65134cac258cf5924270e9d2Dan Albert 18011cd02dfb91661c65134cac258cf5924270e9d2Dan Albert#endif 181