1#ifndef _X_TABLES_H 2#define _X_TABLES_H 3 4#define XT_FUNCTION_MAXNAMELEN 30 5#define XT_TABLE_MAXNAMELEN 32 6 7struct xt_entry_match 8{ 9 union { 10 struct { 11 u_int16_t match_size; 12 13 /* Used by userspace */ 14 char name[XT_FUNCTION_MAXNAMELEN-1]; 15 16 u_int8_t revision; 17 } user; 18 struct { 19 u_int16_t match_size; 20 21 /* Used inside the kernel */ 22 struct xt_match *match; 23 } kernel; 24 25 /* Total length */ 26 u_int16_t match_size; 27 } u; 28 29 unsigned char data[0]; 30}; 31 32struct xt_entry_target 33{ 34 union { 35 struct { 36 u_int16_t target_size; 37 38 /* Used by userspace */ 39 char name[XT_FUNCTION_MAXNAMELEN-1]; 40 41 u_int8_t revision; 42 } user; 43 struct { 44 u_int16_t target_size; 45 46 /* Used inside the kernel */ 47 struct xt_target *target; 48 } kernel; 49 50 /* Total length */ 51 u_int16_t target_size; 52 } u; 53 54 unsigned char data[0]; 55}; 56 57#define XT_TARGET_INIT(__name, __size) \ 58{ \ 59 .target.u.user = { \ 60 .target_size = XT_ALIGN(__size), \ 61 .name = __name, \ 62 }, \ 63} 64 65struct xt_standard_target 66{ 67 struct xt_entry_target target; 68 int verdict; 69}; 70 71/* The argument to IPT_SO_GET_REVISION_*. Returns highest revision 72 * kernel supports, if >= revision. */ 73struct xt_get_revision 74{ 75 char name[XT_FUNCTION_MAXNAMELEN-1]; 76 77 u_int8_t revision; 78}; 79 80/* CONTINUE verdict for targets */ 81#define XT_CONTINUE 0xFFFFFFFF 82 83/* For standard target */ 84#define XT_RETURN (-NF_REPEAT - 1) 85 86/* this is a dummy structure to find out the alignment requirement for a struct 87 * containing all the fundamental data types that are used in ipt_entry, 88 * ip6t_entry and arpt_entry. This sucks, and it is a hack. It will be my 89 * personal pleasure to remove it -HW 90 */ 91struct _xt_align 92{ 93 u_int8_t u8; 94 u_int16_t u16; 95 u_int32_t u32; 96 u_int64_t u64; 97}; 98 99#define XT_ALIGN(s) (((s) + (__alignof__(struct _xt_align)-1)) \ 100 & ~(__alignof__(struct _xt_align)-1)) 101 102/* Standard return verdict, or do jump. */ 103#define XT_STANDARD_TARGET "" 104/* Error verdict. */ 105#define XT_ERROR_TARGET "ERROR" 106 107#define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0) 108#define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0) 109 110struct xt_counters 111{ 112 u_int64_t pcnt, bcnt; /* Packet and byte counters */ 113}; 114 115/* The argument to IPT_SO_ADD_COUNTERS. */ 116struct xt_counters_info 117{ 118 /* Which table. */ 119 char name[XT_TABLE_MAXNAMELEN]; 120 121 unsigned int num_counters; 122 123 /* The counters (actually `number' of these). */ 124 struct xt_counters counters[0]; 125}; 126 127#define XT_INV_PROTO 0x40 /* Invert the sense of PROTO. */ 128 129#ifdef __KERNEL__ 130 131#include <linux/netdevice.h> 132 133struct xt_match 134{ 135 struct list_head list; 136 137 const char name[XT_FUNCTION_MAXNAMELEN-1]; 138 139 /* Return true or false: return FALSE and set *hotdrop = 1 to 140 force immediate packet drop. */ 141 /* Arguments changed since 2.6.9, as this must now handle 142 non-linear skb, using skb_header_pointer and 143 skb_ip_make_writable. */ 144 int (*match)(const struct sk_buff *skb, 145 const struct net_device *in, 146 const struct net_device *out, 147 const struct xt_match *match, 148 const void *matchinfo, 149 int offset, 150 unsigned int protoff, 151 int *hotdrop); 152 153 /* Called when user tries to insert an entry of this type. */ 154 /* Should return true or false. */ 155 int (*checkentry)(const char *tablename, 156 const void *ip, 157 const struct xt_match *match, 158 void *matchinfo, 159 unsigned int hook_mask); 160 161 /* Called when entry of this type deleted. */ 162 void (*destroy)(const struct xt_match *match, void *matchinfo); 163 164 /* Called when userspace align differs from kernel space one */ 165 void (*compat_from_user)(void *dst, void *src); 166 int (*compat_to_user)(void __user *dst, void *src); 167 168 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 169 struct module *me; 170 171 /* Free to use by each match */ 172 unsigned long data; 173 174 char *table; 175 unsigned int matchsize; 176 unsigned int compatsize; 177 unsigned int hooks; 178 unsigned short proto; 179 180 unsigned short family; 181 u_int8_t revision; 182}; 183 184/* Registration hooks for targets. */ 185struct xt_target 186{ 187 struct list_head list; 188 189 const char name[XT_FUNCTION_MAXNAMELEN-1]; 190 191 /* Returns verdict. Argument order changed since 2.6.9, as this 192 must now handle non-linear skbs, using skb_copy_bits and 193 skb_ip_make_writable. */ 194 unsigned int (*target)(struct sk_buff **pskb, 195 const struct net_device *in, 196 const struct net_device *out, 197 unsigned int hooknum, 198 const struct xt_target *target, 199 const void *targinfo); 200 201 /* Called when user tries to insert an entry of this type: 202 hook_mask is a bitmask of hooks from which it can be 203 called. */ 204 /* Should return true or false. */ 205 int (*checkentry)(const char *tablename, 206 const void *entry, 207 const struct xt_target *target, 208 void *targinfo, 209 unsigned int hook_mask); 210 211 /* Called when entry of this type deleted. */ 212 void (*destroy)(const struct xt_target *target, void *targinfo); 213 214 /* Called when userspace align differs from kernel space one */ 215 void (*compat_from_user)(void *dst, void *src); 216 int (*compat_to_user)(void __user *dst, void *src); 217 218 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 219 struct module *me; 220 221 char *table; 222 unsigned int targetsize; 223 unsigned int compatsize; 224 unsigned int hooks; 225 unsigned short proto; 226 227 unsigned short family; 228 u_int8_t revision; 229}; 230 231/* Furniture shopping... */ 232struct xt_table 233{ 234 struct list_head list; 235 236 /* A unique name... */ 237 char name[XT_TABLE_MAXNAMELEN]; 238 239 /* What hooks you will enter on */ 240 unsigned int valid_hooks; 241 242 /* Lock for the curtain */ 243 rwlock_t lock; 244 245 /* Man behind the curtain... */ 246 //struct ip6t_table_info *private; 247 void *private; 248 249 /* Set this to THIS_MODULE if you are a module, otherwise NULL */ 250 struct module *me; 251 252 int af; /* address/protocol family */ 253}; 254 255#include <linux/netfilter_ipv4.h> 256 257/* The table itself */ 258struct xt_table_info 259{ 260 /* Size per table */ 261 unsigned int size; 262 unsigned int number; 263 /* Initial number of entries. Needed for module usage count */ 264 unsigned int initial_entries; 265 266 /* Entry points and underflows */ 267 unsigned int hook_entry[NF_IP_NUMHOOKS]; 268 unsigned int underflow[NF_IP_NUMHOOKS]; 269 270 /* ipt_entry tables: one per CPU */ 271 char *entries[NR_CPUS]; 272}; 273 274extern int xt_register_target(struct xt_target *target); 275extern void xt_unregister_target(struct xt_target *target); 276extern int xt_register_targets(struct xt_target *target, unsigned int n); 277extern void xt_unregister_targets(struct xt_target *target, unsigned int n); 278 279extern int xt_register_match(struct xt_match *target); 280extern void xt_unregister_match(struct xt_match *target); 281extern int xt_register_matches(struct xt_match *match, unsigned int n); 282extern void xt_unregister_matches(struct xt_match *match, unsigned int n); 283 284extern int xt_check_match(const struct xt_match *match, unsigned short family, 285 unsigned int size, const char *table, unsigned int hook, 286 unsigned short proto, int inv_proto); 287extern int xt_check_target(const struct xt_target *target, unsigned short family, 288 unsigned int size, const char *table, unsigned int hook, 289 unsigned short proto, int inv_proto); 290 291extern int xt_register_table(struct xt_table *table, 292 struct xt_table_info *bootstrap, 293 struct xt_table_info *newinfo); 294extern void *xt_unregister_table(struct xt_table *table); 295 296extern struct xt_table_info *xt_replace_table(struct xt_table *table, 297 unsigned int num_counters, 298 struct xt_table_info *newinfo, 299 int *error); 300 301extern struct xt_match *xt_find_match(int af, const char *name, u8 revision); 302extern struct xt_target *xt_find_target(int af, const char *name, u8 revision); 303extern struct xt_target *xt_request_find_target(int af, const char *name, 304 u8 revision); 305extern int xt_find_revision(int af, const char *name, u8 revision, int target, 306 int *err); 307 308extern struct xt_table *xt_find_table_lock(int af, const char *name); 309extern void xt_table_unlock(struct xt_table *t); 310 311extern int xt_proto_init(int af); 312extern void xt_proto_fini(int af); 313 314extern struct xt_table_info *xt_alloc_table_info(unsigned int size); 315extern void xt_free_table_info(struct xt_table_info *info); 316 317#ifdef CONFIG_COMPAT 318#include <net/compat.h> 319 320struct compat_xt_entry_match 321{ 322 union { 323 struct { 324 u_int16_t match_size; 325 char name[XT_FUNCTION_MAXNAMELEN - 1]; 326 u_int8_t revision; 327 } user; 328 struct { 329 u_int16_t match_size; 330 compat_uptr_t match; 331 } kernel; 332 u_int16_t match_size; 333 } u; 334 unsigned char data[0]; 335}; 336 337struct compat_xt_entry_target 338{ 339 union { 340 struct { 341 u_int16_t target_size; 342 char name[XT_FUNCTION_MAXNAMELEN - 1]; 343 u_int8_t revision; 344 } user; 345 struct { 346 u_int16_t target_size; 347 compat_uptr_t target; 348 } kernel; 349 u_int16_t target_size; 350 } u; 351 unsigned char data[0]; 352}; 353 354 355struct compat_xt_counters 356{ 357#if defined(CONFIG_X86_64) || defined(CONFIG_IA64) 358 u_int32_t cnt[4]; 359#else 360 u_int64_t cnt[2]; 361#endif 362}; 363 364struct compat_xt_counters_info 365{ 366 char name[XT_TABLE_MAXNAMELEN]; 367 compat_uint_t num_counters; 368 struct compat_xt_counters counters[0]; 369}; 370 371#define COMPAT_XT_ALIGN(s) (((s) + (__alignof__(struct compat_xt_counters)-1)) \ 372 & ~(__alignof__(struct compat_xt_counters)-1)) 373 374extern void xt_compat_lock(int af); 375extern void xt_compat_unlock(int af); 376 377extern int xt_compat_match_offset(struct xt_match *match); 378extern void xt_compat_match_from_user(struct xt_entry_match *m, 379 void **dstptr, int *size); 380extern int xt_compat_match_to_user(struct xt_entry_match *m, 381 void __user **dstptr, int *size); 382 383extern int xt_compat_target_offset(struct xt_target *target); 384extern void xt_compat_target_from_user(struct xt_entry_target *t, 385 void **dstptr, int *size); 386extern int xt_compat_target_to_user(struct xt_entry_target *t, 387 void __user **dstptr, int *size); 388 389#endif /* CONFIG_COMPAT */ 390#endif /* __KERNEL__ */ 391 392#endif /* _X_TABLES_H */ 393