• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #ifndef _X_TABLES_H
2 #define _X_TABLES_H
3 #include <linux/kernel.h>
4 #include <linux/types.h>
5 
6 #define XT_FUNCTION_MAXNAMELEN 30
7 #define XT_EXTENSION_MAXNAMELEN 29
8 #define XT_TABLE_MAXNAMELEN 32
9 
10 struct xt_entry_match {
11 	union {
12 		struct {
13 			__u16 match_size;
14 
15 			/* Used by userspace */
16 			char name[XT_EXTENSION_MAXNAMELEN];
17 			__u8 revision;
18 		} user;
19 		struct {
20 			__u16 match_size;
21 
22 			/* Used inside the kernel */
23 			struct xt_match *match;
24 		} kernel;
25 
26 		/* Total length */
27 		__u16 match_size;
28 	} u;
29 
30 	unsigned char data[0];
31 };
32 
33 struct xt_entry_target {
34 	union {
35 		struct {
36 			__u16 target_size;
37 
38 			/* Used by userspace */
39 			char name[XT_EXTENSION_MAXNAMELEN];
40 			__u8 revision;
41 		} user;
42 		struct {
43 			__u16 target_size;
44 
45 			/* Used inside the kernel */
46 			struct xt_target *target;
47 		} kernel;
48 
49 		/* Total length */
50 		__u16 target_size;
51 	} u;
52 
53 	unsigned char data[0];
54 };
55 
56 #define XT_TARGET_INIT(__name, __size)					       \
57 {									       \
58 	.target.u.user = {						       \
59 		.target_size	= XT_ALIGN(__size),			       \
60 		.name		= __name,				       \
61 	},								       \
62 }
63 
64 struct xt_standard_target {
65 	struct xt_entry_target target;
66 	int verdict;
67 };
68 
69 struct xt_error_target {
70 	struct xt_entry_target target;
71 	char errorname[XT_FUNCTION_MAXNAMELEN];
72 };
73 
74 /* The argument to IPT_SO_GET_REVISION_*.  Returns highest revision
75  * kernel supports, if >= revision. */
76 struct xt_get_revision {
77 	char name[XT_EXTENSION_MAXNAMELEN];
78 	__u8 revision;
79 };
80 
81 /* CONTINUE verdict for targets */
82 #define XT_CONTINUE 0xFFFFFFFF
83 
84 /* For standard target */
85 #define XT_RETURN (-NF_REPEAT - 1)
86 
87 /* this is a dummy structure to find out the alignment requirement for a struct
88  * containing all the fundamental data types that are used in ipt_entry,
89  * ip6t_entry and arpt_entry.  This sucks, and it is a hack.  It will be my
90  * personal pleasure to remove it -HW
91  */
92 struct _xt_align {
93 	__u8 u8;
94 	__u16 u16;
95 	__u32 u32;
96 	__u64 u64;
97 };
98 
99 #define XT_ALIGN(s) __ALIGN_KERNEL((s), __alignof__(struct _xt_align))
100 
101 /* Standard return verdict, or do jump. */
102 #define XT_STANDARD_TARGET ""
103 /* Error verdict. */
104 #define XT_ERROR_TARGET "ERROR"
105 
106 #define SET_COUNTER(c,b,p) do { (c).bcnt = (b); (c).pcnt = (p); } while(0)
107 #define ADD_COUNTER(c,b,p) do { (c).bcnt += (b); (c).pcnt += (p); } while(0)
108 
109 struct xt_counters {
110 	__u64 pcnt, bcnt;			/* Packet and byte counters */
111 };
112 
113 /* The argument to IPT_SO_ADD_COUNTERS. */
114 struct xt_counters_info {
115 	/* Which table. */
116 	char name[XT_TABLE_MAXNAMELEN];
117 
118 	unsigned int num_counters;
119 
120 	/* The counters (actually `number' of these). */
121 	struct xt_counters counters[0];
122 };
123 
124 #define XT_INV_PROTO		0x40	/* Invert the sense of PROTO. */
125 
126 /* fn returns 0 to continue iteration */
127 #define XT_MATCH_ITERATE(type, e, fn, args...)			\
128 ({								\
129 	unsigned int __i;					\
130 	int __ret = 0;						\
131 	struct xt_entry_match *__m;				\
132 								\
133 	for (__i = sizeof(type);				\
134 	     __i < (e)->target_offset;				\
135 	     __i += __m->u.match_size) {			\
136 		__m = (void *)e + __i;				\
137 								\
138 		__ret = fn(__m , ## args);			\
139 		if (__ret != 0)					\
140 			break;					\
141 	}							\
142 	__ret;							\
143 })
144 
145 /* fn returns 0 to continue iteration */
146 #define XT_ENTRY_ITERATE_CONTINUE(type, entries, size, n, fn, args...) \
147 ({								\
148 	unsigned int __i, __n;					\
149 	int __ret = 0;						\
150 	type *__entry;						\
151 								\
152 	for (__i = 0, __n = 0; __i < (size);			\
153 	     __i += __entry->next_offset, __n++) { 		\
154 		__entry = (void *)(entries) + __i;		\
155 		if (__n < n)					\
156 			continue;				\
157 								\
158 		__ret = fn(__entry , ## args);			\
159 		if (__ret != 0)					\
160 			break;					\
161 	}							\
162 	__ret;							\
163 })
164 
165 /* fn returns 0 to continue iteration */
166 #define XT_ENTRY_ITERATE(type, entries, size, fn, args...) \
167 	XT_ENTRY_ITERATE_CONTINUE(type, entries, size, 0, fn, args)
168 
169 
170 /* pos is normally a struct ipt_entry/ip6t_entry/etc. */
171 #define xt_entry_foreach(pos, ehead, esize) \
172 	for ((pos) = (typeof(pos))(ehead); \
173 	     (pos) < (typeof(pos))((char *)(ehead) + (esize)); \
174 	     (pos) = (typeof(pos))((char *)(pos) + (pos)->next_offset))
175 
176 /* can only be xt_entry_match, so no use of typeof here */
177 #define xt_ematch_foreach(pos, entry) \
178 	for ((pos) = (struct xt_entry_match *)entry->elems; \
179 	     (pos) < (struct xt_entry_match *)((char *)(entry) + \
180 	             (entry)->target_offset); \
181 	     (pos) = (struct xt_entry_match *)((char *)(pos) + \
182 	             (pos)->u.match_size))
183 
184 
185 #endif /* _X_TABLES_H */
186