1#ifndef _X_TABLES_H
2#define _X_TABLES_H
3
4#define XT_FUNCTION_MAXNAMELEN 30
5#define XT_TABLE_MAXNAMELEN 32
6
7struct xt_entry_match
8{
9	union {
10		struct {
11			u_int16_t match_size;
12
13			/* Used by userspace */
14			char name[XT_FUNCTION_MAXNAMELEN-1];
15
16			u_int8_t revision;
17		} user;
18		struct {
19			u_int16_t match_size;
20
21			/* Used inside the kernel */
22			struct xt_match *match;
23		} kernel;
24
25		/* Total length */
26		u_int16_t match_size;
27	} u;
28
29	unsigned char data[0];
30};
31
32struct xt_entry_target
33{
34	union {
35		struct {
36			u_int16_t target_size;
37
38			/* Used by userspace */
39			char name[XT_FUNCTION_MAXNAMELEN-1];
40
41			u_int8_t revision;
42		} user;
43		struct {
44			u_int16_t target_size;
45
46			/* Used inside the kernel */
47			struct xt_target *target;
48		} kernel;
49
50		/* Total length */
51		u_int16_t target_size;
52	} u;
53
54	unsigned char data[0];
55};
56
57#define XT_TARGET_INIT(__name, __size)					       \
58{									       \
59	.target.u.user = {						       \
60		.target_size	= XT_ALIGN(__size),			       \
61		.name		= __name,				       \
62	},								       \
63}
64
65struct xt_standard_target
66{
67	struct xt_entry_target target;
68	int verdict;
69};
70
71/* The argument to IPT_SO_GET_REVISION_*.  Returns highest revision
72 * kernel supports, if >= revision. */
73struct xt_get_revision
74{
75	char name[XT_FUNCTION_MAXNAMELEN-1];
76
77	u_int8_t revision;
78};
79
80/* CONTINUE verdict for targets */
81#define XT_CONTINUE 0xFFFFFFFF
82
83/* For standard target */
84#define XT_RETURN (-NF_REPEAT - 1)
85
86/* this is a dummy structure to find out the alignment requirement for a struct
87 * containing all the fundamental data types that are used in ipt_entry,
88 * ip6t_entry and arpt_entry.  This sucks, and it is a hack.  It will be my
89 * personal pleasure to remove it -HW
90 */
91struct _xt_align
92{
93	u_int8_t u8;
94	u_int16_t u16;
95	u_int32_t u32;
96	u_int64_t u64;
97};
98
99#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) 	\
100			& ~(__alignof__(struct _xt_align)-1))
101
102/* Standard return verdict, or do jump. */
103#define XT_STANDARD_TARGET ""
104/* Error verdict. */
105#define XT_ERROR_TARGET "ERROR"
106
107#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
108#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
109
110struct xt_counters
111{
112	u_int64_t pcnt, bcnt;			/* Packet and byte counters */
113};
114
115/* The argument to IPT_SO_ADD_COUNTERS. */
116struct xt_counters_info
117{
118	/* Which table. */
119	char name[XT_TABLE_MAXNAMELEN];
120
121	unsigned int num_counters;
122
123	/* The counters (actually `number' of these). */
124	struct xt_counters counters[0];
125};
126
127#define XT_INV_PROTO		0x40	/* Invert the sense of PROTO. */
128
129#ifdef __KERNEL__
130
131#include <linux/netdevice.h>
132
133struct xt_match
134{
135	struct list_head list;
136
137	const char name[XT_FUNCTION_MAXNAMELEN-1];
138
139	/* Return true or false: return FALSE and set *hotdrop = 1 to
140           force immediate packet drop. */
141	/* Arguments changed since 2.6.9, as this must now handle
142	   non-linear skb, using skb_header_pointer and
143	   skb_ip_make_writable. */
144	int (*match)(const struct sk_buff *skb,
145		     const struct net_device *in,
146		     const struct net_device *out,
147		     const struct xt_match *match,
148		     const void *matchinfo,
149		     int offset,
150		     unsigned int protoff,
151		     int *hotdrop);
152
153	/* Called when user tries to insert an entry of this type. */
154	/* Should return true or false. */
155	int (*checkentry)(const char *tablename,
156			  const void *ip,
157			  const struct xt_match *match,
158			  void *matchinfo,
159			  unsigned int hook_mask);
160
161	/* Called when entry of this type deleted. */
162	void (*destroy)(const struct xt_match *match, void *matchinfo);
163
164	/* Called when userspace align differs from kernel space one */
165	void (*compat_from_user)(void *dst, void *src);
166	int (*compat_to_user)(void __user *dst, void *src);
167
168	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
169	struct module *me;
170
171	/* Free to use by each match */
172	unsigned long data;
173
174	char *table;
175	unsigned int matchsize;
176	unsigned int compatsize;
177	unsigned int hooks;
178	unsigned short proto;
179
180	unsigned short family;
181	u_int8_t revision;
182};
183
184/* Registration hooks for targets. */
185struct xt_target
186{
187	struct list_head list;
188
189	const char name[XT_FUNCTION_MAXNAMELEN-1];
190
191	/* Returns verdict. Argument order changed since 2.6.9, as this
192	   must now handle non-linear skbs, using skb_copy_bits and
193	   skb_ip_make_writable. */
194	unsigned int (*target)(struct sk_buff **pskb,
195			       const struct net_device *in,
196			       const struct net_device *out,
197			       unsigned int hooknum,
198			       const struct xt_target *target,
199			       const void *targinfo);
200
201	/* Called when user tries to insert an entry of this type:
202           hook_mask is a bitmask of hooks from which it can be
203           called. */
204	/* Should return true or false. */
205	int (*checkentry)(const char *tablename,
206			  const void *entry,
207			  const struct xt_target *target,
208			  void *targinfo,
209			  unsigned int hook_mask);
210
211	/* Called when entry of this type deleted. */
212	void (*destroy)(const struct xt_target *target, void *targinfo);
213
214	/* Called when userspace align differs from kernel space one */
215	void (*compat_from_user)(void *dst, void *src);
216	int (*compat_to_user)(void __user *dst, void *src);
217
218	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
219	struct module *me;
220
221	char *table;
222	unsigned int targetsize;
223	unsigned int compatsize;
224	unsigned int hooks;
225	unsigned short proto;
226
227	unsigned short family;
228	u_int8_t revision;
229};
230
231/* Furniture shopping... */
232struct xt_table
233{
234	struct list_head list;
235
236	/* A unique name... */
237	char name[XT_TABLE_MAXNAMELEN];
238
239	/* What hooks you will enter on */
240	unsigned int valid_hooks;
241
242	/* Lock for the curtain */
243	rwlock_t lock;
244
245	/* Man behind the curtain... */
246	//struct ip6t_table_info *private;
247	void *private;
248
249	/* Set this to THIS_MODULE if you are a module, otherwise NULL */
250	struct module *me;
251
252	int af;		/* address/protocol family */
253};
254
255#include <linux/netfilter_ipv4.h>
256
257/* The table itself */
258struct xt_table_info
259{
260	/* Size per table */
261	unsigned int size;
262	unsigned int number;
263	/* Initial number of entries. Needed for module usage count */
264	unsigned int initial_entries;
265
266	/* Entry points and underflows */
267	unsigned int hook_entry[NF_IP_NUMHOOKS];
268	unsigned int underflow[NF_IP_NUMHOOKS];
269
270	/* ipt_entry tables: one per CPU */
271	char *entries[NR_CPUS];
272};
273
274extern int xt_register_target(struct xt_target *target);
275extern void xt_unregister_target(struct xt_target *target);
276extern int xt_register_targets(struct xt_target *target, unsigned int n);
277extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
278
279extern int xt_register_match(struct xt_match *target);
280extern void xt_unregister_match(struct xt_match *target);
281extern int xt_register_matches(struct xt_match *match, unsigned int n);
282extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
283
284extern int xt_check_match(const struct xt_match *match, unsigned short family,
285			  unsigned int size, const char *table, unsigned int hook,
286			  unsigned short proto, int inv_proto);
287extern int xt_check_target(const struct xt_target *target, unsigned short family,
288			   unsigned int size, const char *table, unsigned int hook,
289			   unsigned short proto, int inv_proto);
290
291extern int xt_register_table(struct xt_table *table,
292			     struct xt_table_info *bootstrap,
293			     struct xt_table_info *newinfo);
294extern void *xt_unregister_table(struct xt_table *table);
295
296extern struct xt_table_info *xt_replace_table(struct xt_table *table,
297					      unsigned int num_counters,
298					      struct xt_table_info *newinfo,
299					      int *error);
300
301extern struct xt_match *xt_find_match(int af, const char *name, u8 revision);
302extern struct xt_target *xt_find_target(int af, const char *name, u8 revision);
303extern struct xt_target *xt_request_find_target(int af, const char *name,
304						u8 revision);
305extern int xt_find_revision(int af, const char *name, u8 revision, int target,
306			    int *err);
307
308extern struct xt_table *xt_find_table_lock(int af, const char *name);
309extern void xt_table_unlock(struct xt_table *t);
310
311extern int xt_proto_init(int af);
312extern void xt_proto_fini(int af);
313
314extern struct xt_table_info *xt_alloc_table_info(unsigned int size);
315extern void xt_free_table_info(struct xt_table_info *info);
316
317#ifdef CONFIG_COMPAT
318#include <net/compat.h>
319
320struct compat_xt_entry_match
321{
322	union {
323		struct {
324			u_int16_t match_size;
325			char name[XT_FUNCTION_MAXNAMELEN - 1];
326			u_int8_t revision;
327		} user;
328		struct {
329			u_int16_t match_size;
330			compat_uptr_t match;
331		} kernel;
332		u_int16_t match_size;
333	} u;
334	unsigned char data[0];
335};
336
337struct compat_xt_entry_target
338{
339	union {
340		struct {
341			u_int16_t target_size;
342			char name[XT_FUNCTION_MAXNAMELEN - 1];
343			u_int8_t revision;
344		} user;
345		struct {
346			u_int16_t target_size;
347			compat_uptr_t target;
348		} kernel;
349		u_int16_t target_size;
350	} u;
351	unsigned char data[0];
352};
353
354
355struct compat_xt_counters
356{
357#if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
358	u_int32_t cnt[4];
359#else
360	u_int64_t cnt[2];
361#endif
362};
363
364struct compat_xt_counters_info
365{
366	char name[XT_TABLE_MAXNAMELEN];
367	compat_uint_t num_counters;
368	struct compat_xt_counters counters[0];
369};
370
371#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \
372		& ~(__alignof__(struct compat_xt_counters)-1))
373
374extern void xt_compat_lock(int af);
375extern void xt_compat_unlock(int af);
376
377extern int xt_compat_match_offset(struct xt_match *match);
378extern void xt_compat_match_from_user(struct xt_entry_match *m,
379				      void **dstptr, int *size);
380extern int xt_compat_match_to_user(struct xt_entry_match *m,
381				   void __user **dstptr, int *size);
382
383extern int xt_compat_target_offset(struct xt_target *target);
384extern void xt_compat_target_from_user(struct xt_entry_target *t,
385				       void **dstptr, int *size);
386extern int xt_compat_target_to_user(struct xt_entry_target *t,
387				    void __user **dstptr, int *size);
388
389#endif /* CONFIG_COMPAT */
390#endif /* __KERNEL__ */
391
392#endif /* _X_TABLES_H */
393